1. Generate server key
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
F:/bak_e/downloads/safe/Tomcat + SSL> keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
What is your first and last name?
[Unknown]: MC
What is the name of your organizational unit?
[Unknown]: Test
What is the name of your organization?
[Unknown]: Test
What is the name of your City or Locality?
[Unknown]: CD
What is the name of your State or Province?
[Unknown]: SC
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=MC, OU=test, O=test, L=Cd, ST=SC, C=cn correct?
[no]: Y
This generates server.keystore in the directory where the command was run.
2. Import the certificate into the JDK trust store (cacerts):
keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass changeit
F:/bak_e/downloads/safe/Tomcat + SSL> keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass changeit
Certificate stored in file <server.cer> [server.cer is generated in the directory where the command was run]
keytool -import -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
F:/bak_e/downloads/safe/Tomcat + SSL> keytool -import -trustcacerts -alias tomcat -file server.cer -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
Owner: CN=MC, OU=test, O=test, L=Cd, ST=SC, C=Cn
Issuer: CN=MC, OU=test, O=test, L=Cd, ST=SC, C=Cn
Serial number: 4733fa88
Valid from: Fri Nov 09 14:13:28 CST 2007 until: Sun Sep 17 14:13:28 CST 2017
Certificate fingerprints:
MD5: 3E:02:2F:E5:F7:39:4F:4A:F4:1C:69:45:33:81:36:2D
SHA1: 67:8D:7B:FC:40:D4:31:97:5E:D1:A6:0D:71:70:E8:3C:E3:22:FF:58
Signature algorithm name: SHA1withRSA
Version: 3
Trust this certificate? [no]: Y
Certificate was added to keystore
3. Copy the above 2 files to the Tomcat root directory [E:/djoa/Apache-Tomcat-5.5.23]
4. Configure Tomcat:
Open %TOMCAT_HOME%/conf/server.xml in a text editor and find this line:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
Uncomment the section that follows it and add the keystoreFile and keystorePass attributes.
Before:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
After:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="server.keystore"
           keystorePass="changeit"
/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
Comment out the 8080 connector configuration:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<!-- Connector port="8080" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" /-->
5. Start Tomcat. OK!!
My environment is Tomcat 5.5.23 + Windows 2003.
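The following Python script is an added example, not part of the original page. It audits a server.xml for the connector changes made in step 4: a plain HTTP connector left enabled, a missing keystoreFile, and a keystorePass left at the widely known default "changeit". The sample XML is constructed (with port 8080 deliberately left enabled), and audit_connectors is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server.xml as configured in step 4, except that
# the 8080 connector is left enabled so the audit has something to report.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" maxHttpHeaderSize="8192" redirectPort="8443"
               connectionTimeout="20000" />
    <Connector port="8443" maxHttpHeaderSize="8192"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="server.keystore"
               keystorePass="changeit" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

WELL_KNOWN_PASSWORDS = {"changeit"}  # default used by keytool docs and Tomcat


def audit_connectors(server_xml):
    """Return a list of (port, finding) tuples for the HTTP(S) connectors."""
    findings = []
    # ElementTree drops XML comments, so a commented-out connector is ignored.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP is outside the HTTPS setup this page describes
        if conn.get("scheme", "http").lower() != "https":
            findings.append((port, "plain HTTP connector still enabled"))
            continue
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, "scheme is https but secure is not true"))
        if not conn.get("keystoreFile"):
            findings.append((port, "no keystoreFile, Tomcat falls back to "
                                   ".keystore in the user's home directory"))
        password = conn.get("keystorePass")
        if password is None or password in WELL_KNOWN_PASSWORDS:
            findings.append((port, "keystorePass is the well-known default "
                                   "'changeit'"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```

To audit a real installation, pass the contents of its conf/server.xml to audit_connectors instead of the sample.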