/**
 * @see CAS server HTTPS configuration
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @see 1. Generate the keystore
 * @see 1.1. D:\>keytool -genkey -alias XuanyuKeyStore -keyalg RSA -validity 1024 -keystore D:/keys/xuanyukey
 * @see      -genkey   generate a key
 * @see      -alias    specify the alias, here XuanyuKeyStore
 * @see      -keyalg   specify the algorithm, here RSA
 * @see      -validity specify the certificate validity period, here 1024 days
 * @see      -keystore specify the name and path of the generated keystore file, here D:/keys/xuanyukey
 * @see 1.2. CMD output -- Enter keystore password: xuanyu75 (formerly called 'Input keystore password')
 * @see      Re-enter new password: xuanyu75
 * @see      What is your first and last name? [Unknown]: sso.jadyer.com (the SSO server's domain name; fill in the real domain name, otherwise the name on the certificate will be invalid)
 * @see      What is the name of your organizational unit? [Unknown]: http://blog.csdn.net/jadyer
 * @see      What is the name of your organization? [Unknown]: javalover_jadyer
 * @see      What is the name of your City or Locality? [Unknown]: Chongqing
 * @see      What is the name of your State or Province? [Unknown]: Jiangbei District
 * @see      What is the two-letter country code for this unit? [Unknown]: zh
 * @see      Is CN=sso.jadyer.com, OU=http://blog.csdn.net/jadyer, O=javalover_jadyer, L=Chongqing, ST=Jiangbei District, C=zh correct? [no]: y
 * @see      Enter key password for <XuanyuKeyStore> (RETURN if same as keystore password): press ENTER here
 * @see      (the key password here must be the same as the keystore password, otherwise Tomcat fails at startup with java.io.IOException: Cannot recover key)
 * @see 1.3. The file D:/keys/xuanyukey is then generated
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @see 2. Export the certificate
 * @see 2.1. D:\>keytool -export -file D:/keys/xuanyu.crt -alias XuanyuKeyStore -keystore D:/keys/xuanyukey
 * @see      -alias must be the alias used when the keystore was generated, otherwise you get 'keytool error: java.lang.Exception: Alias <XuanyuCRT> does not exist'
 * @see      Enter keystore password: the password that was set when the keystore was generated
 * @see      On success the console prints 'Certificate stored in file <D:/keys/xuanyu.crt>'
 * @see 2.2. When the browser accesses an SSO client, it is first redirected to the CAS server login page, and the browser first asks the user whether to continue, because this is an unknown SSL request
 * @see      If the CRT certificate is imported into the browser, this prompt no longer appears. The steps to import the CRT into the browser are:
 * @see      double-click xuanyu.crt --> Install Certificate --> Next --> Place all certificates in the following store --> Browse --> Trusted Root Certification Authorities --> Next --> Finish
 * @see      --> a dialog box appears: 'You are about to install a certificate from a certification authority claiming to represent: sso.jadyer.com ... Are you sure you want to install this certificate?' --> import successful --> OK
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @see 3. Import the certificate into the JVM
 * @see 3.1. D:\>keytool -import -keystore D:\Develop\java\jdk1.7.0_76\jre\lib\security\cacerts -file D:/keys/xuanyu.crt -alias XuanyuKeyStore
 * @see      Enter keystore password: xuanyu75
 * @see      Owner: CN=sso.jadyer.com, OU=http://blog.csdn.net/jadyer, O=javalover_jadyer, L=Chongqing, ST=Jiangbei District, C=zh
 * @see      Issuer: CN=sso.jadyer.com, OU=http://blog.csdn.net/jadyer, O=javalover_jadyer, L=Chongqing, ST=Jiangbei District, C=zh
 * @see      Serial number: 5149EE5A
 * @see      Valid from: Fri 15:21:24 CST 2015 until: Sun May 15:21:24 CST 2018
 * @see      Certificate fingerprints:
 * @see               MD5:  84:E1:92:ED:71:49:D4:D5:94:CB:AB:35:BB:01:81:0B
 * @see               SHA1: A0:1E:BD:CE:8B:DB:F3:7E:2C:ED:7A:9A:5D:72:41:3C:1D:28:D1:2A
 * @see               SHA256: B2:90:99:8D:29:BA:87:48:AE:3A:D8:E2:AD:8E:9E:F3:1B:95:FF:65:29:
 * @see                       48:BD:EB:C4:29:14:9E:69:86:B1:D6
 * @see               Signature algorithm name: SHA256withRSA
 * @see               Version: 3
 * @see
 * @see      Extensions:
 * @see
 * @see      #1: ObjectId: 2.5.29.14 Criticality=false
 * @see      SubjectKeyIdentifier [
 * @see      KeyIdentifier [
 * @see      0000: 9C 5B 4C 7B F3 (ft.[) .. R$l. If..
 * @see      0010: F4 A9 E5 ...
 * @see      ]
 * @see      ]
 * @see
 * @see      Trust this certificate? [no]: y
 * @see      Certificate was added to keystore
 * @see      Note: if entering the keystore password produces 'keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect',
 * @see      then change the password: enter 'changeit' and it will work
 * @see ------------------------------------------------------------------------------------------------------------------------
 * @see 4. Apply the certificate to Tomcat-8.0.21
 * @see 4.1. Copy the generated D:/keys/xuanyukey to the \\%TOMCAT_HOME%\\conf\\ directory (other directories work too)
 * @see 4.2. server.xml
 * @see      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 * @see                 maxThreads="150" scheme="https" secure="true"
 * @see                 clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
 * @see                 keystoreFile="conf/xuanyukey" keystorePass="xuanyu75"/>
 * @see 4.3. Open https://127.0.0.1:8443/blog in the browser and you will find that the app is now served over the SSL secure channel
 * @see 4.4. However, http://127.0.0.1:8080/blog is still accessible at this point
 * @see      That is, although HTTPS is enabled, it can still be bypassed by direct HTTP access, so HTTPS has no effect
 * @see      Modify the \\%TOMCAT_HOME%\\conf\\web.xml file and add the following content after the trailing <welcome-file-list> tag
 * @see      <security-constraint>
 * @see          <!-- Authorization setting for SSL -->
 * @see          <web-resource-collection>
 * @see              <web-resource-name>ssl_app</web-resource-name>
 * @see              <!-- Specify the URL that requires SSL -->
 * @see              <url-pattern>/*</url-pattern>

Copyright notice: this is the blogger's original article and may not be reproduced without the blogger's permission.
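
Step 4.4's listing breaks off after `<url-pattern>`. The Python check below is an added example, not the author's code: it verifies that a `web.xml` forces `/*` onto HTTPS and that the plain-HTTP connector in `server.xml` redirects to a TLS connector. Both XML samples are constructed; the `CONFIDENTIAL` transport guarantee (the standard Servlet way to require SSL), the 8080 connector with `redirectPort`, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: step 4.4's constraint completed in the standard Servlet
# form (the page's listing is cut off after <url-pattern>); an assumption.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>ssl_app</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

# Constructed sample: an HTTP connector beside the HTTPS connector of step 4.2.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="true" keystoreFile="conf/xuanyukey"/>
</Service></Server>"""


def _local(tag):
    """Drop an XML namespace prefix such as {http://...}web-app."""
    return tag.rsplit("}", 1)[-1]


def https_enforced(web_xml):
    """True if a security-constraint binds /* to CONFIDENTIAL transport."""
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        seen = {(_local(e.tag), (e.text or "").strip()) for e in sc.iter()}
        if {("url-pattern", "/*"),
                ("transport-guarantee", "CONFIDENTIAL")} <= seen:
            return True
    return False


def redirect_findings(server_xml):
    """Report non-TLS, non-AJP connectors whose redirectPort is not TLS."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    is_tls = lambda c: c.get("SSLEnabled", "").lower() == "true"
    tls_ports = {c["port"] for c in conns if is_tls(c)}
    return [f"port {c['port']}: redirectPort "
            f"{c.get('redirectPort', '443')} is not a TLS connector"
            for c in conns
            if not is_tls(c) and not c.get("protocol", "").startswith("AJP")
            and c.get("redirectPort", "443") not in tls_ports]  # 443: Tomcat default
```

With the constraint in place, Tomcat answers a request to port 8080 with a redirect to the connector named by `redirectPort`, so both checks have to pass for the bypass described in step 4.4 to be closed.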
"Testing the Waters with CAS-4.0.3", Section 06: CAS Server HTTPS Configuration