HTTP transfer HTTPS

1. Home through JS Direct jump

<script language= "JavaScript" >

<!--

var a=location.href;

var b=a.substring (5);

var a=a.substring (0,5);

var a=a.tolowercase ();

if (a== "http:")

{

location.href= "https:" +B;

}

-->

</SCRIPT>

2. set HTTP direct to HTTPS in Apache2.2.3

1, the premise

The website has joined the OpenSSL function in Apache, and binds the tomcat (detailed operation next time writes out), may through https://+ domain name or the http://+ domain name access, both Apache are compatible, may open, such words, the website is still not safe enough.

The user input or the browser to add their own httpt head automatically to HTTPS, you can achieve

2, search

Search through the search engine a lot of configuration methods, the target point to the Apache Rewrite module

3, to configure the method of screening, a lot of configuration is basically perfect, for 2.2.6, like a lot of httpd.conf configuration files are divided into the extra, find the relevant documents to match on the line

4, configuration after

1 installed in the rewrite module, add the following statement in the httpd.conf, if there is no need to add the

LoadModule Rewrite_module modules/mod_rewrite.so

2 Set up the virtual host File open, set up a virtual host, file name conf/extra/httpd-vhosts.conf, under the httpd.conf

# Virtual Hosts

Include conf/extra/httpd-vhosts.conf

Get rid of the # and go into extra and open httpd-vhosts.conf

Join in the VirtualHost

<virtualhost ip:80>

ServerAdmin services@easywlan.cn

DocumentRoot "/usr/local/tomcat/webapps/web"

ServerName localhost

Serveralias localhost

ErrorLog "/usr/local/httpd/logs/localhost_error_log"

Customlog "/usr/local/httpd/logs/ssl_request_log" \

"%t%h%{ssl_protocol}x%{ssl_cipher}x \"%r\ "%b"

Rewriteengine on

Rewritecond%{server_port}!^443$

Rewriterule ^.*$ Https://%{server_name}%{request_uri} [L,r]

</VirtualHost>

3 ensure Conf/extra/httpd-ssl file unchanged, bar the original set of rewrite rules, all cut to the httpd-vhost.conf can be

4 Restart Apache to successfully convert httpd

The above operation is configured with the Apache 2.2.6 and OpenSSL post compiled module 3. Tomcat configuration HTTPS

tomcat6 Configuration bi-directional authentication
1. Generate server-side certificates
Keytool-genkey-keyalg rsa-dname "CN=LOCALHOST,OU=SANGO,O=NONE,L=CHINA,ST=BEIJING,C=CN"-alias Server-keypass Password-keystore Server.jks-storepass password-validity 3650
2. Generate Client Certificates
Keytool-genkey-keyalg rsa-dname "CN=SANGO,OU=SANGO,O=NONE,L=CHINA,ST=BEIJING,C=CN"-alias custom-storetype PKCS12- Keypass Password-keystore custom.p12-storepass password-validity 3650
The client's CN can be any value.
3, because it is two-way SSL authentication, the server must trust the client certificate, therefore, the client certificate must be added as the server's trust authentication. Since it is not possible to import a PKCS12-formatted certificate library directly, we must first export the client certificate to a separate CER file, using the following command to export the client certificate to a separate CER file:
Keytool-export-alias custom-file custom.cer-keystore custom.p12-storepass password-storetype PKCS12-RFC
Then, add the client certificate to the server (import the signed digital certificate into the KeyStore)
Keytool-import-v-alias custom-file custom.cer-keystore server.jks-storepass Password
4, view the contents of the certificate
Keytool-list-v-keystore server.jks-storepass Password
5. Configure Tomcat Service.xml files
<connector port= "8443" protocol= "http/1.1" sslenabled= "true"
maxthreads= "Scheme=" "https" secure= "true"
Clientauth= "true" sslprotocol= "TLS"
Keystorefile= "D:/server.jks" keystorepass= "password"
Truststorefile= "D:/server.jks" truststorepass= "password"
/>
Clientauth= "True" means two-way authentication
6, import client certificate to Browser
Bi-directional authentication requires mandatory authentication of client certificates. Double-click "CUSTOM.P12" to import certificates into IE
TOMCAT6 Configuration one-way authentication
1. Generate server-side certificates
Keytool-genkey-keyalg rsa-dname "CN=LOCALHOST,OU=SANGO,O=NONE,L=CHINA,ST=BEIJING,C=CN"-alias Server-keypass Password-keystore Server.jks-storepass password-validity 3650
2, because it is one-way certification, there is no need to generate the client's certificate, directly into the configuration Tomcat Service.xml file
<connector port= "8443" protocol= "http/1.1" sslenabled= "true"
maxthreads= "Scheme=" "https" secure= "true"
Clientauth= "false" sslprotocol= "TLS"
Keystorefile= "D:/server.jks" keystorepass= "password"
/>
Clientauth= "false" means one-way authentication, while removing truststorefile= "D:/server.jks" truststorepass= "password"