Tomcat HTTPS/SSL service configuration (with two-way authentication; verified on Windows and Linux)

Source: Internet
Author: User


1. Create the server key; its keystore is /home/gr/server.ks

PS1: Note that -keypass and -storepass are set to the same value; they are the key password and the keystore password, respectively.
PS2: Note that in CN=localhost, localhost is the hostname that SSL is being configured for and cannot be chosen arbitrarily.

~ $ keytool -genkey -v -alias serverkey -dname "CN=192.168.10.101" -keyalg RSA -keypass 123456 -keystore server.ks -storepass 123456

2. Create the client key; its keystore is /home/gr/client.p12. Note the keystore file suffix and the keystore type, PKCS12.

~ $ keytool -genkey -v -alias clientkey -dname "CN=someone" -keyalg RSA -keypass 654321 -keystore client.p12 -storepass 654321 -storetype PKCS12

3. Export the client key's certificate to a certificate file (the file generated here is used in the next step)

~ $ keytool -export -alias clientkey -file client.cer -keystore client.p12 -storepass 654321 -storetype PKCS12

4. Import the client certificate file from the previous step into the server keystore and mark it as a trusted certificate

PS: keytool will ask whether you trust the certificate; answer y.

~ $ keytool -import -v -alias client -file client.cer -keystore server.ks -storepass 123456

5. To access the site over SSL from a browser, import the client keystore file client.p12 into the browser

5.1 Linux platform
Chrome: Settings -- Advanced -- HTTPS/SSL -- Manage Certificates -- Your Certificates, import client.p12
Firefox: Preferences -- Advanced -- Certificates -- View Certificates -- Your Certificates, import client.p12
5.2 Windows platform
IE: Internet Options -- Content -- Certificates -- Personal, import client.p12
Chrome: Options -- Advanced -- Certificates -- View Certificates -- Your Certificates, import client.p12
Firefox: Settings -- Advanced -- HTTPS/SSL -- Manage Certificates -- Personal, import client.p12

6. Configure the Tomcat server to support SSL authentication by editing the file %TOMCAT_HOME%/conf/server.xml

6.1 The following configuration block is commented out by default. Uncomment it and add the keystore settings. clientAuth="true" turns on two-way authentication; otherwise only the client authenticates the server (one-way).

6.2 The modified content is

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="/home/gr/server.ks" keystorePass="123456"
truststoreFile="/home/gr/server.ks" truststorePass="123456"/>

6.3 Property description

clientAuth: whether to use two-way authentication; the default is false, set it to true for two-way authentication
keystoreFile: path to the server certificate file
keystorePass: password of the server certificate file
truststoreFile: the root certificates used to authenticate the client certificate; in this case, the server certificate file
truststorePass: password of the root certificate file
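
A check for the settings described in 6.1 to 6.3, as an added example that is not part of the original article: it parses a server.xml and reports, for each SSL connector, whether a client certificate is required. The sample document, port 9443 and the name audit_connectors are constructed for illustration; the clientAuth value "want" (request a client certificate without requiring one) is a Tomcat option the article does not use.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a plain HTTP connector, the stock one-way SSL connector,
# and the two-way connector from step 6.2 (moved to port 9443 for the example).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"/>
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="true" sslProtocol="TLS"
             keystoreFile="/home/gr/server.ks" keystorePass="123456"
             truststoreFile="/home/gr/server.ks" truststorePass="123456"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return {port: (mode, notes)} for each SSL-enabled <Connector>."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        a = conn.attrib
        if a.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to audit
        client_auth = a.get("clientAuth", "false").lower()
        mode = {"true": "two-way",
                "want": "optional-client-cert"}.get(client_auth, "one-way")
        notes = []
        # A connector that asks for client certificates needs trust anchors.
        if mode != "one-way" and "truststoreFile" not in a:
            notes.append("no truststoreFile on this connector")
        # The article reuses server.ks for both roles; report it so it is a
        # deliberate choice rather than an accident.
        if "truststoreFile" in a and a["truststoreFile"] == a.get("keystoreFile"):
            notes.append("truststore and keystore are the same file")
        for pw in ("keystorePass", "truststorePass"):
            if pw in a:
                notes.append(pw + " is stored in clear text in server.xml")
        report[a.get("port")] = (mode, notes)
    return report


if __name__ == "__main__":
    for port, (mode, notes) in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, mode)
        for note in notes:
            print("   -", note)
```

Because the passwords sit in server.xml in clear text, read access to that file and to server.ks should be limited to the account that runs Tomcat.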

7. Start Tomcat and access it in Internet Explorer: https://localhost:8443/<project name>


Copyright notice: This article is the blogger's original work and may not be reproduced without the blogger's permission.
