Tomcat certificate request instructions for the HTTPS protocol

Source: Internet
Author: User
Tags ssl certificate

Certificate application manual for using the HTTPS protocol with Tomcat

The HTTPS protocol is the encrypted version of the HTTP protocol: HTTPS = HTTP + SSL.

First, related concepts

SSL certificate

An SSL certificate is a digital certificate installed on the server. Once an SSL certificate is installed on a website, the site can be accessed over HTTPS: the user's browser and the site's server establish an "SSL encrypted channel", so that in online transactions and online payments, confidential information such as transaction details, identity information, and account passwords is transmitted encrypted, preventing information disclosure.

In addition, an SSL certificate is issued by an authoritative CA after it has verified the website. The certificate shows the real information of the organization or individual behind the site, and prominent indicators such as the green address bar, the security lock, and HTTPS tell users that the site's identity is safe and trustworthy, which guards against phishing fraud.

With an SSL certificate installed and the site accessed over the encrypted HTTPS protocol, an "SSL encrypted channel" (the SSL protocol) is activated between the client browser and the site server, giving high-strength two-way encrypted transmission that prevents the data in transit from being leaked or tampered with. Therefore, the HTTPS protocol requires applying to a CA for a certificate.

CA Certification

An e-commerce certification authority (CA, Certificate Authority), also known as an e-commerce certification center, is the authority responsible for issuing and managing digital certificates. As a trusted third party in e-commerce transactions, it is responsible for verifying the legitimacy of public keys in a public key system.

The CA issues a digital certificate to each user of a public key; the role of the digital certificate is to certify that the user named in the certificate legitimately owns the public key listed in it. The CA's digital signature prevents an attacker from forging or tampering with the certificate.

A certificate is, in effect, the certification of a user's public key issued by a certificate-issuing authority (CA).

PS: If you do not request a certificate from a CA, but instead use a certificate you generated yourself and force Tomcat to use the HTTPS protocol, the browser will be unable to access the site.

Second, how to apply for a certificate

Select an authoritative certification authority

SSL certificates are special: not every SSL certificate issued by a CA is trusted by browsers, which is why the browser reports "This certificate is not trusted" for some websites. Be sure to choose an SSL certificate authority that is trusted globally. Only a CA that has passed the international WebTrust certification and whose root certificate is pre-installed in Microsoft's operating system and browser issues SSL certificates that the browser will trust.

Request a certificate

The process of requesting an SSL certificate may differ from one CA to another, but it is basically the same. You first generate a certificate request file, then send it to the CA for certification, and finally import the certificate and install it on the server.

CSR file

CSR stands for Certificate Signing Request, i.e. a certificate request file. When a certificate requester applies for a digital certificate, the CSP (cryptographic service provider) generates the certificate request file at the same time as it generates the private key. Once the requester submits the CSR file to the certification authority, the authority signs it with the private key of its root certificate and generates the certificate public key file, which is the certificate issued to the user.

Third, certificate application steps

In all cases, the procedure provided by the selected CA takes precedence. The steps here are just ones I wrote down for reference while setting up the HTTPS protocol locally.

Preparing the environment:

1. Install the JDK and Tomcat.

2. Configure the Java environment.

Use the JDK's keytool tool to generate the keystore file. After configuring the Java environment, you can open a console and use the keytool command directly, as follows:

1. Generate the private key

Run the following command to generate the certificate:

keytool -genkey -alias dataocean -keyalg RSA -keystore D:\dataocean.jks

Description:

-alias dataocean: the alias is dataocean

-keyalg RSA: the key algorithm is RSA

-keystore D:\dataocean.jks: the location and name of the generated keystore

Attention:

a. Be sure to fill in every item as prompted, and make sure each is accurate. "What is your first and last name?" is required and must be the domain name or IP of the host where Tomcat is deployed [such as: Baidu.com or 10.1.25.251].

b. If the output path contains spaces, enclose it in double quotation marks (the plain English-keyboard kind).

c. The keystore password must be at least 6 characters. With JDK 6 or later, the password is not displayed as you type; with JDK 5, the password is shown in clear text. Be sure to note and remember this password, including the case of its letters.

d. Whenever keytool asks for a password in the steps below, enter this password.

e. When prompted for the key password, just press ENTER, so that the keystore password and the key password for dataocean are the same.

2. Generate a CSR file

Run the following command to generate the CSR file:

keytool -certreq -alias dataocean -sigalg SHA256withRSA -file D:\certreq.csr -keystore D:\dataocean.jks

Running the above command generates the file D:\certreq.csr.

3. Back up the private key file

Back up the private key file and note the private key password.

4. Send the CSR to the CA

Submit the certificate request file certreq.csr to the CA and wait for the certificate to be issued. If the keystore file dataocean.jks is lost, the certificate will be unusable.

5. Import and install the certificate on the server

I have not performed this step; you can refer to the Baidu Jingyan article "SSL Certificate Tomcat Deployment":

Https://jingyan.baidu.com/article/49ad8bce4d864c5834d8fab3.html
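A non-interactive version of steps 1 to 4 above, as an added example that is not part of the original page. It goes beyond the page's commands by also putting the host into a Subject Alternative Name, since current browsers match the host name against the SAN rather than the CN. Assumptions: a POSIX shell with keytool on the PATH (the page uses Windows D:\ paths), the keystore password supplied in a hypothetical KS_PASS environment variable, and constructed placeholder organisation fields.

```shell
#!/bin/sh
# Added example (not from the original page): steps 1-4 without prompts.
# Assumed: keytool on PATH; keystore password in env var KS_PASS (hypothetical name).
ALIAS=dataocean

# SAN extension for the host: ip: for a dotted IPv4 address, dns: otherwise
# (IPv6 is not handled). The page allows either, e.g. baidu.com or 10.1.25.251.
san_for() {
  case "$1" in
    '')        return 1 ;;
    *[!0-9.]*) printf 'san=dns:%s\n' "$1" ;;
    *)         printf 'san=ip:%s\n' "$1" ;;
  esac
}

# Distinguished name. CN is the "first and last name" prompt and must be the
# Tomcat host; the organisation fields are constructed placeholders.
dname_for() {
  printf 'CN=%s, OU=IT, O=Example Org, L=City, ST=State, C=CN\n' "$1"
}

make_csr() {  # usage: make_csr HOST KEYSTORE CSR
  host=$1 ks=$2 csr=$3
  : "${KS_PASS:?set KS_PASS (at least 6 characters)}"
  # Step 1: key pair. :env keeps the password out of the process list, and
  # the key password equals the keystore password, as note (e) requires.
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
    -dname "$(dname_for "$host")" -ext "$(san_for "$host")" \
    -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS || return 1
  # Step 2: CSR. -ext must be repeated; it is not copied from the key entry.
  keytool -certreq -alias "$ALIAS" -sigalg SHA256withRSA \
    -ext "$(san_for "$host")" -file "$csr" \
    -keystore "$ks" -storepass:env KS_PASS || return 1
  # Before step 4: confirm the CSR carries the expected subject.
  keytool -printcertreq -file "$csr" | grep -F "CN=$host," >/dev/null ||
    { echo "CSR subject does not match $host" >&2; return 1; }
  # Step 3: back up the keystore; without it the issued certificate is useless.
  cp "$ks" "$ks.bak" && chmod 600 "$ks" "$ks.bak"
}

# Runs only when called with all three arguments.
if [ "$#" -eq 3 ]; then make_csr "$@"; fi
```

Invoke it as `KS_PASS=... sh make_csr.sh baidu.com ./dataocean.jks ./certreq.csr`, where the script name is arbitrary.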
