I.windows under Apr installation process

Source: Internet
Author: User


1. Download and install nativeApr installation and configuration under Windows is simple, you can download the tomcat-native binary version package directly:
The directory structure after download is:
Tcnative-1.dll This library already contains the APR,OPENSSL core engine, and Tomcat-native code, Openssl.exe is the integrated OpenSSL command-line tool; The x64 bit is a 64-bit folder. However, it is worth noting that if you want to use thisOpenssl.exe for certification, you need to manually set up aopenssl.cnf, you can also go to the official network of OpenSSL to download a, you need to set the environment variables:Set OPENSSL_CONF=OPENSSL.CNF

For the above download, for each tomcat may correspond to the tomcat-native different, one of the best way is, in the Tomcat binary media bin directory, there is a corresponding:
After decompression, the same as the above download, except that the version and the current tomcat is the corresponding;
In this step, you can also choose to download the source code, and then compile in the VC, possibly OpenSSL's compilation needs to install the Perl environment.
2.openssl generate KeyStore and certificate library
generate server-side KeyStore)
D:\software\tomcat8032\bin>o penssl.exe genrsa-out rsa-private-key.pem 1024x768Warning:can ' t open config file:/usr/local/ssl/openssl.cnfgenerating RSA private key, 1024x768 bit long modulus.....++++++. ..... ++++++e is 65537 (0x10001)-----------.....
Setting Environment Variables)
D:\software\tomcat8032\bin> Set OPENSSL_CONF=OPENSSL.CNF
build a server-side certificate store)
D:\software\tomcat8032\bin> openssl.exe req-new-x509-nodes-sha1-days 365-key rsa-private-key.pem-out self-signed-cert.pem You is about to being asked to enter information that'll be incorporatedinto your certificate request. What's about-to-enter is called a distinguished Name or a DN. There is quite a few fields but can leave some blankfor some fields there would be a default value,if you enter '. ', t He field would be a left blank.-----Country Name (2 letter code) [AU]: cnState or province name (full name) [Some-state]: BeijingLocality Name (eg, city) []: HaidianOrganization Name (eg, company) [Internet widgits Pty LTD]: CSSOrganizational Unit Name (eg, section) []: GuodianCommon name (e.g. server FQDN or YOUR name) []: XixiEmail Address []: [email protected]

3. Configure Server.xml<connector port= "8443" protocol= "Org.apache.coyote.http11.Http11AprProtocol" sslenabled= "true"                maxthreads= "Scheme=" "https" secure= "true" Clientauth= "false"               Sslprotocol= "TLSv1" sslcertificatekeyfile= "D:\software\tomcat8032\conf\openssl\rsa-private-key.pem" sslcertificatefile= "D:\software\tomcat8032\conf\openssl\self-signed-cert.pem"/> For the above configuration, configure the APR protocol to be replaced byHttp11aprprotocol, Second,Sslcertificatekeyfile refers to the server-side keystore of OpenSSL,Sslcertificatefile refers to the server-side certificate library (with no private key, only the public key).
SSLCertificateFile

Name Of the file that contains the server certificate. The format is pem-encoded.

in addition to the certificate, the file can also contain as optional elements DH PA Rameters and/or an EC curve name for ephemeral keys, as generated By openssl dhparam  and openssl Ecparam , respectively. The output of the respective OpenSSL command can simply is concatenated to the certificate file. This feature needs apr/native version 1.1.34 or later.

SSLCertificateKeyFile

Name of the file that contains the server private key. The format is pem-encoded. The default value is the value of "Sslcertificatefile" and the "both certificate" and "Private Key", which has the to being in thi s file (not RECOMMENDED).



4. Start

After startup, it is discovered that:

Prior to the visit, the browser sideOpenSSL pkcs12-export-clcerts-in server/Self-signed-cert.pem-inkey server/Rsa-private-key.pem-out SERVER/SERVER.P12 exported as a certificate file in P12 format,This allows the browser to import
After importing, the browser can access:




From for notes (Wiz)

I.windows under Apr installation process

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.