1. Download and install native (APR)
Installing and configuring APR under Windows is simple: download the tomcat-native binary package directly:
The directory structure after download is:
tcnative-1.dll already contains the APR and OpenSSL core engines together with the tomcat-native code; openssl.exe is the bundled OpenSSL command-line tool; x64 is the 64-bit folder. Note, however, that if you want to use this openssl.exe to generate certificates you must supply an openssl.cnf yourself (one can be downloaded from the official OpenSSL site) and point the environment variable at it: set OPENSSL_CONF=openssl.cnf
Each Tomcat release may pair with a different tomcat-native version, so rather than the download above the best option is the copy shipped in the bin directory of the Tomcat binary distribution, which contains a matching archive:
After decompression it is the same as the download above, except that the version is the one matching the current Tomcat.
In this step you can also download the source code and compile it yourself in Visual C; compiling OpenSSL may require a Perl environment.
2. Generate the server key file and certificate with OpenSSL
(generate the server-side private key)
D:\software\tomcat8032\bin>openssl.exe genrsa -out rsa-private-key.pem 1024
Warning: can't open config file: /usr/local/ssl/openssl.cnf
Generating RSA private key, 1024 bit long modulus
.....++++++
.....++++++
e is 65537 (0x10001)
(The warning is harmless for genrsa; it only shows that OPENSSL_CONF has not been set yet. 1024-bit RSA is below today's minimum; use 2048 bits for anything other than a throwaway test.)
(set the environment variable)
D:\software\tomcat8032\bin>set OPENSSL_CONF=openssl.cnf
(build the server-side certificate)
D:\software\tomcat8032\bin>openssl.exe req -new -x509 -nodes -sha1 -days 365 -key rsa-private-key.pem -out self-signed-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Haidian
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CSS
Organizational Unit Name (eg, section) []:Guodian
Common Name (e.g. server FQDN or YOUR name) []:Xixi
Email Address []:[email protected]
(Two caveats: use -sha256 rather than -sha1, since browsers reject SHA-1-signed certificates; and modern browsers match the host name against a subjectAltName extension rather than the Common Name, so a CN of "Xixi" will still produce a name-mismatch warning even after the certificate has been trusted.)
3. Configure server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
           clientAuth="false" SSLProtocol="TLSv1"
           SSLCertificateKeyFile="D:\software\tomcat8032\conf\openssl\rsa-private-key.pem"
           SSLCertificateFile="D:\software\tomcat8032\conf\openssl\self-signed-cert.pem"/>
Two things to note in this configuration: first, the protocol is switched to Http11AprProtocol; second, SSLCertificateKeyFile points to the OpenSSL private key generated above, and SSLCertificateFile points to the server certificate (identity and public key only, no private key). Two further points for anything beyond a local test: SSLProtocol="TLSv1" enables TLS 1.0 only, which browsers no longer accept, so use "TLSv1.2"; and on the APR connector client-certificate authentication is controlled by SSLVerifyClient (none/optional/require), not by clientAuth, which is a JSSE attribute and is ignored here.
From the Tomcat APR connector reference:
SSLCertificateFile: Name of the file that contains the server certificate. The format is PEM-encoded. In addition to the certificate, the file can also contain as optional elements DH parameters and/or an EC curve name for ephemeral keys, as generated by openssl dhparam and openssl ecparam, respectively. The output of the respective OpenSSL command can simply be concatenated to the certificate file. This feature needs APR/native version 1.1.34 or later.
SSLCertificateKeyFile: Name of the file that contains the server private key. The format is PEM-encoded. The default value is the value of SSLCertificateFile, in which case both certificate and private key have to be in this file (NOT RECOMMENDED).
4. Start
After startup you will see:
Before visiting the site, export the certificate on the server side as a PKCS#12 file so that the browser can import it:
openssl pkcs12 -export -clcerts -in server/self-signed-cert.pem -inkey server/rsa-private-key.pem -out server/server.p12
(Note that this .p12 bundles the server's private key with the certificate. To make the browser trust a self-signed server certificate it is enough to import self-signed-cert.pem alone into the trusted root / authorities store; the private key should never leave the server. The .p12 form is only needed when the same certificate is also used as a client certificate.)
After importing, the browser can access the site:
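The procedure of sections 2 and 4 as one script, added here as an example rather than taken from the original note: key and certificate generation done non-interactively with current parameters (2048-bit RSA, SHA-256, a subjectAltName), the EC-curve concatenation that the SSLCertificateFile description allows, and the checks worth running before the paths go into server.xml. It assumes openssl (1.1.1 or later, for -addext) on PATH; on Windows the same commands work unchanged with the tomcat-native bin\openssl.exe once OPENSSL_CONF is set. The working directory, HOST and the DN fields are illustrative.

```shell
#!/bin/sh
# Added example (not from the original note). Assumes `openssl` 1.1.1+ on PATH.
# WORK stands in for the note's conf\openssl directory; HOST is a hypothetical
# server name and must match what the browser will type in the address bar.
set -eu

WORK="${WORK:-$(mktemp -d)}"
HOST="${HOST:-localhost}"

# Section 2a: server private key. The note uses 1024 bits; 2048 is the floor today.
gen_key() {
  openssl genrsa -out "$WORK/rsa-private-key.pem" 2048 2>/dev/null
}

# Section 2b: self-signed certificate. -subj replaces the interactive DN prompts,
# -sha256 replaces the note's -sha1, and the SAN is what browsers actually match
# the host name against (the Common Name alone is no longer enough).
gen_cert() {
  openssl req -new -x509 -nodes -sha256 -days 365 \
    -key "$WORK/rsa-private-key.pem" \
    -subj "/C=CN/ST=Beijing/L=Haidian/O=CSS/OU=Guodian/CN=$HOST" \
    -addext "subjectAltName=DNS:$HOST" \
    -out "$WORK/self-signed-cert.pem"
}

# Optional (tomcat-native 1.1.34+): append an EC curve name to the certificate
# file so ECDHE key exchange uses prime256v1. The DH variant is `openssl dhparam`,
# whose output is appended the same way but takes minutes to generate at 2048 bits.
append_ecparam() {
  openssl ecparam -name prime256v1 -out "$WORK/ecparam.pem"
  cat "$WORK/ecparam.pem" >> "$WORK/self-signed-cert.pem"
}

# Check 1: the certificate's public key must belong to the private key, otherwise
# Tomcat refuses to start the connector. Compare digests of both public keys
# rendered in the same PEM encoding.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$WORK/self-signed-cert.pem" -noout -pubkey | openssl dgst -sha256)
  key_pub=$(openssl pkey -in "$WORK/rsa-private-key.pem" -pubout | openssl dgst -sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Check 2: the SAN carries the host name the browser will use.
cert_has_san() {
  openssl x509 -in "$WORK/self-signed-cert.pem" -noout -text | grep -q "DNS:$HOST"
}

# Check 3: signature algorithm, e.g. sha256WithRSAEncryption
# (sha1WithRSAEncryption, which the note's -sha1 produces, is rejected by browsers).
cert_sig_alg() {
  openssl x509 -in "$WORK/self-signed-cert.pem" -noout -text \
    | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# Check 4: the certificate is still the first PEM object in the file after the
# append (openssl x509, like tcnative, reads the certificate from the front).
cert_file_is_valid() {
  openssl x509 -in "$WORK/self-signed-cert.pem" -noout >/dev/null 2>&1
}

# Section 4: the browser only needs the certificate as a trust anchor. Export it
# as DER (.cer) for the Windows certificate import wizard; the private key stays
# on the server. A PKCS#12 that includes the key is a server backup, not a browser import.
export_for_browser() {
  openssl x509 -in "$WORK/self-signed-cert.pem" -outform DER -out "$WORK/self-signed-cert.cer"
}

main() {
  gen_key
  gen_cert
  append_ecparam
  key_matches_cert && echo "ok: private key matches certificate"
  cert_has_san && echo "ok: subjectAltName contains DNS:$HOST"
  echo "signature algorithm: $(cert_sig_alg)"
  export_for_browser
  echo "SSLCertificateKeyFile=$WORK/rsa-private-key.pem"
  echo "SSLCertificateFile=$WORK/self-signed-cert.pem"
  echo "browser trust anchor: $WORK/self-signed-cert.cer"
}
main
```

Run it with HOST set to the name you will put in the browser, copy the two PEM files to conf\openssl and put their paths into SSLCertificateKeyFile and SSLCertificateFile. After Tomcat starts, `openssl s_client -connect HOST:8443 -servername HOST` shows the negotiated protocol and the certificate the connector actually serves.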
Part I: APR installation process under Windows