Configure Tomcat to use the HTTPS protocol (configure SSL)


Address: http://ln-ydc.iteye.com/blog/1330674

 

 

Content Overview:

If you want Tomcat to support Https, the main task is to configure the SSL protocol.

1. Generate a security certificate

2. Configure tomcat


Prerequisites:

SSO

CAS

SSL

HTTPS

CA


Environment:

1. Java 1.6

2. Tomcat 6.0.26


Generate security certificate:

1. Java environment: Sun provides keytool, a tool for creating certificates.

This tool is included in JDK 1.4 and later versions. Its location is <JAVA_HOME>\bin\keytool.exe.

2. Command to create the certificate:

    keytool -genkeypair -alias "tomcat" -keyalg "RSA" -keystore "f:\tomcat.keystore"

The parameters are as follows:

The password used here is tomcat. For "first and last name", enter the domain name; fill in the other fields according to your actual situation.

The above command produces an asymmetric key pair and a self-signed certificate in f:\tomcat.keystore.

Save the certificate wherever you want to keep it. I saved mine to D:\Tools\Web\ssl\tomcat.keystore.

Note: the "first and last name" should be a domain name. If you enter a personal name instead, it will not match the domain name used in real operation and may cause problems.


Configure tomcat:

Go to the Tomcat installation directory and find the server.xml file under conf.

Find the following code that has been commented out:

    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

Remove the comment and modify it:

    <!-- ciphers="tomcat" removed: "tomcat" is not a cipher suite name.
         With ciphers unset, the connector uses the default suites. -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\Tools\Web\ssl\tomcat.keystore"
               keystorePass="tomcat" />

Here, set the password and the certificate location to match your own environment. The attributes are described as follows:

Attribute: Description

clientAuth: If set to true, Tomcat requires all SSL clients to present a security certificate and authenticates the SSL clients.

keystoreFile: Specifies the location of the keystore file. You can specify an absolute path or a path relative to the <CATALINA_HOME> environment variable (the Tomcat installation directory). If this option is not set, Tomcat by default reads the file named ".keystore" from the home directory of the current operating system user.

keystorePass: Specifies the keystore password. If this option is not set, Tomcat uses "changeit" as the default password.

sslProtocol: Specifies the encryption/decryption protocol used by the socket. The default value is TLS. You should not modify this default value.

ciphers: Specifies the list of cipher suites the socket may use for encryption. Multiple cipher suites are separated by commas. If this option is not set, the socket can use any available cipher suite by default.

Access the SSL-enabled site:

Start Tomcat and enter https://localhost:8443/ in the browser. Here IE is used to access Tomcat.

IE shows a certificate warning because the certificate is self-signed. Select "Continue to this website".

Success!

 

Problems:

I encountered a problem during the configuration process. After I modified the server.xml configuration and started Tomcat, it reported an error:

    java.lang.Exception: No Certificate file specified or invalid file format
        at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
        at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:761)
        at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:109)
        at org.apache.catalina.connector.Connector.initialize(Connector.java:1123)
        at org.apache.catalina.core.StandardService.initialize(StandardService.java:703)
        at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:838)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:562)

 

I found the answer online:

The solution is to replace protocol="HTTP/1.1" with protocol="org.apache.coyote.http11.Http11Protocol".

APR plays a major role in improving Tomcat performance. We recommend that you configure the APR mode.
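The following check is an added example, not code from the original post or from the Tomcat project. It audits the SSL connectors of a server.xml for the issues this page runs into: keystoreFile combined with protocol="HTTP/1.1" (the stack trace above shows the APR connector being selected, and it does not read the keystore), a default or guessable keystorePass, and ciphers entries that are not cipher suite names. The sample document, the function name and the weak-password list are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modeled on this page's connector values (conf/server.xml).
SAMPLE_SERVER_XML = r"""
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:\Tools\Web\ssl\tomcat.keystore"
               keystorePass="tomcat" ciphers="tomcat" />
  </Service>
</Server>
"""

# JSSE cipher suite names look like TLS_RSA_WITH_AES_128_CBC_SHA.
SUITE_NAME = re.compile(r"^(TLS|SSL)_[A-Z0-9_]+$")
# Illustrative list only; "changeit" is the default named on this page.
WEAK_PASSWORDS = {"changeit", "tomcat", "password", ""}

def audit_ssl_connectors(server_xml):
    """Return a list of (port, finding) for every SSLEnabled connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        # With protocol="HTTP/1.1" Tomcat may select the APR connector, which
        # ignores keystoreFile and fails with "No Certificate file specified".
        if conn.get("protocol", "HTTP/1.1") == "HTTP/1.1" and conn.get("keystoreFile"):
            findings.append((port, "keystoreFile with auto-selected protocol"))
        # An unset keystorePass falls back to the default "changeit".
        if (conn.get("SSLCertificateFile") is None
                and conn.get("keystorePass", "changeit").lower() in WEAK_PASSWORDS):
            findings.append((port, "default or guessable keystorePass"))
        bad = [c.strip() for c in conn.get("ciphers", "").split(",")
               if c.strip() and not SUITE_NAME.match(c.strip())]
        if bad:
            findings.append((port, "not cipher suite names: " + ", ".join(bad)))
        if conn.get("sslProtocol", "TLS").upper().startswith("SSL"):
            findings.append((port, "sslProtocol allows SSL instead of TLS"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print(port, finding)
```
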

 
