我的tomcat+SSL详细操作指南

时间:2023-01-12 19:38:46

1.生成 server key

keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
F:/bak_e/Downloads/safe/tomcat+ssl>keytool -genkey -alias tomcat -keyalg RSA -ke
ypass changeit -storepass changeit -keystore server.keystore -validity 3600
您的名字与姓氏是什么?
  [Unknown]:  mc
您的组织单位名称是什么?
  [Unknown]:  test
您的组织名称是什么?
  [Unknown]:  test
您所在的城市或区域名称是什么?
  [Unknown]:  cd
您所在的州或省份名称是什么?
  [Unknown]:  sc
该单位的两字母国家代码是什么
  [Unknown]:  cn
CN=mc, OU=test, O=test, L=cd, ST=sc, C=cn 正确吗?
  [否]:  y
在程序运行目录生成server.keystore

2.  将证书导入的JDK的证书信任库中:

keytool -export -trustcacerts -alias tomcat -file server.cer -keystore  server.keystore -storepass changeit
F:/bak_e/Downloads/safe/tomcat+ssl>keytool -export -trustcacerts -alias tomcat
-file server.cer -keystore  server.keystore -storepass changeit
保存在文件中的认证 <server.cer>[在程序运行目录生成server.cer]

keytool -import -trustcacerts -alias tomcat -file server.cer -keystore  %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
F:/bak_e/Downloads/safe/tomcat+ssl>keytool -import -trustcacerts -alias tomcat -
file server.cer -keystore  %JAVA_HOME%/jre/lib/security/cacerts -storepass chang
eit
所有者:CN=mc, OU=test, O=test, L=cd, ST=sc, C=cn
签发人:CN=mc, OU=test, O=test, L=cd, ST=sc, C=cn
序列号:4733fa88
有效期: Fri Nov 09 14:13:28 CST 2007 至Sun Sep 17 14:13:28 CST 2017
证书指纹:
         MD5:3E:02:2F:E5:F7:39:4F:4A:F4:1C:69:45:33:81:36:2D
         SHA1:67:8D:7B:FC:40:D4:31:97:5E:D1:A6:0D:71:70:E8:3C:E3:22:FF:58
         签名算法名称:SHA1withRSA
         版本: 3
信任这个认证? [否]:  y
认证已添加至keystore中

3.copy 上面2文件到tomcat根目录里面[E:/djoa/apache-tomcat-5.5.23]

4.配置TOMCAT :
修改%TOMCAT_HOME%/conf/server.xml,以文字编辑器打开,查找这一行:
xml 代码
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->  
将之后的那段的注释去掉,并加上 keystorePass及keystoreFile属性。
之前:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
    <!-- Define an AJP 1.3 Connector on port 8009 -->
之后:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
      keystoreFile="server.keystore"
      keystorePass="changeit"
      />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
再注释掉8080配置:
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <!--Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" /-->


5.启动tomcat,ok!!
我的为:tomcat-5.5.23+win2003
:)