Configure SSL for Tomcat (8443)
Create Certificate
Certificates are a key part of a Single Sign-On authentication system: the security of the interaction between clients and servers depends on them. In this tutorial, we use the keytool utility that ships with the JDK to generate a certificate. If you are deploying to a production environment, you must purchase a certificate from a certificate provider. Generally, the certificate is authenticated by VeriSign; Chinese official website: http://www.verisign.com/cn/
Use the built-in JDK keytool to generate a certificate:
keytool -genkey -alias wsria -keyalg RSA -keystore d:/keys/wsriakey
The specific input items are described in the image. One thing needs explaining: after entering the password, the domain name entered at the prompt is sso.wsria.com. This domain name does not actually exist; I made it up for demonstration purposes. The trick is to modify
C:\Windows\System32\drivers\etc\hosts
Add the following content:
127.0.0.1 sso.wsria.com
In this way, when accessing sso.wsria.com, it actually accesses 127.0.0.1, that is, the local machine.
Important: do not enter an IP address when prompted to enter a domain name.
3. Export the certificate
D:\keys>keytool -export -file d:/keys/wsria.crt -alias wsria -keystore d:/keys/wsriakey
Note: if you see the following error:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
enter the password: changeit
Now the certificate export is complete and can be distributed to the application's JDK for use. Next we will explain how to import the certificate to the client's JVM.
4. Import Certificates for the client's JVM
keytool -import -keystore D:\tools\jdk\1.6\jdk1.6.0_20\jre\lib\security\cacerts -file D:/keys/wsria.crt -alias wsria
Note
D:\tools\jdk\1.6\jdk1.6.0_20\jre\lib\security is the JRE directory; the password is again the one just entered. So far, certificate creation, export, and import into the client JVM are complete. Next, apply the certificate to the Web server. This tutorial uses Tomcat.
5. Apply the certificate to the Web server (Tomcat)
The first task for the application is to enable SSL on the Web server (Tomcat), that is, the HTTPS encrypted protocol. Why do I have to worry about encryption ...... Prepare a clean Tomcat; this tutorial uses apache-tomcat-6.0.29. Open conf/server.xml in the Tomcat directory, remove the comment markers on lines 83 and 87, and set keystoreFile and keystorePass. The modified connector is as follows:
Xml code:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="D:/keys/wsriakey"
           keystorePass="wsria.com"
/>
Parameter description:
- keystoreFile: storage location of the key created in step 1
- keystorePass: password used to create the certificate
Tomcat SSL is now enabled. Start Tomcat and try it; in this tutorial the address is https://sso.wsria.com:8443/
When the page opens, the browser reports a certificate error.
Click "Continue to this website (not recommended)." You should now reach the Tomcat directory. If so, you have taken another step toward success.
----------------------------------------------------------------------
Error summary:
An error is reported after Tomcat is configured for 8443
You need to change the protocol:
protocol="org.apache.coyote.http11.Http11Protocol"
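One way to check the edited conf/server.xml before starting Tomcat, as an added example that is not part of the original tutorial: it reports whether the 8443 connector is still commented out, lacks the attributes shown in step 5, or still carries the protocol value that the error summary says to change. The function name check_ssl_connector and the server.xml skeleton wrapped around the tutorial's connector are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the tutorial's connector inside a minimal server.xml skeleton.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:/keys/wsriakey"
               keystorePass="wsria.com" />
  </Service>
</Server>"""

# Protocol value taken from the tutorial's error summary.
ERROR_SUMMARY_PROTOCOL = "org.apache.coyote.http11.Http11Protocol"
# Attribute values the tutorial's connector sets to turn HTTPS on.
REQUIRED = {"SSLEnabled": "true", "scheme": "https", "secure": "true"}


def check_ssl_connector(server_xml, port="8443"):
    """Return a list of findings for the HTTPS connector on `port` (empty = clean)."""
    root = ET.fromstring(server_xml)
    # XML comments are dropped by the parser, so a connector that is still
    # commented out simply does not appear here.
    connectors = [c for c in root.iter("Connector") if c.get("port") == port]
    if not connectors:
        return [f"error: no <Connector> on port {port}; is it still commented out?"]
    conn, findings = connectors[0], []
    for attr, want in REQUIRED.items():
        if (conn.get(attr) or "").lower() != want:
            findings.append(f'error: {attr} should be "{want}", found {conn.get(attr)!r}')
    for attr in ("keystoreFile", "keystorePass"):
        if not conn.get(attr):
            findings.append(f"error: {attr} is missing")
    if conn.get("protocol") != ERROR_SUMMARY_PROTOCOL:
        findings.append(
            f'note: protocol is {conn.get("protocol")!r}; if Tomcat reports an error '
            f'on startup, change it to "{ERROR_SUMMARY_PROTOCOL}"'
        )
    return findings


if __name__ == "__main__":
    for line in check_ssl_connector(SAMPLE_SERVER_XML) or ["connector looks complete"]:
        print(line)
```

To check a real installation, pass the contents of conf/server.xml to check_ssl_connector instead of the constructed sample.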