I recently looked into configuring HTTPS for NGINX + Tomcat. It is actually fairly simple, but if some of the steps are unclear it is easy to get confused. Here is a short write-up.
First, the server uses Nginx to load-balance two Tomcat instances. It is easy to assume that the Nginx and Tomcat certificates need to be related, but they do not. The Nginx and Tomcat configurations are independent, so you can treat them as two separate jobs.
Let's go through which files are required for the server installation.
Tomcat: a CSR file, a JKS file, and the Tomcat server certificate and intermediate certificate obtained from the service provider.
Nginx: a CSR file, a key file, and the certificate file obtained from the service provider. (This is one file fewer than Tomcat, with no separate intermediate certificate, because the Nginx certificate file itself contains both the server certificate and the intermediate certificate. If the same CSR was used for both applications, the Nginx certificate file is simply Tomcat's server certificate and intermediate certificate combined into one file. Open it with a text editor and you will see.)
Next, request the Nginx and Tomcat certificate files. There are two ways to do this:
The first way (Nginx and Tomcat each use their own CSR file):
1. Generate the Tomcat JKS on the server and generate the CSR through JKS. Reference: https://www.trustasia.com/help/tomcat6x-generate-csr.htm
Take special note of the alias and passwords you use, because they must be the same when you later import the certificate.
2. Generate Nginx CSR file and key file on the server. Reference: https://www.trustasia.com/help/nginx-generate-csr.htm
You can also simply use the online generator: https://www.trustasia.com/tools/csr-generator/
There are many articles about this online, so I won't go into detail. The important point is that the CSR generated here is used only for Nginx. The Tomcat server must have a JKS (this can also be a keystore, which is essentially a container for key storage).
After the two steps above you have the Nginx CSR file and the Tomcat CSR file. Submit the two CSR applications separately to obtain the corresponding certificate files.
The second way (Nginx and Tomcat use the same CSR file):
1. Generate the Tomcat JKS on the server and generate the CSR through JKS. Reference: https://www.trustasia.com/help/tomcat6x-generate-csr.htm
Take special note of the alias and passwords you use, because they must be the same when you later import the certificate.
2. The Nginx CSR can be Tomcat's CSR. In that case the Nginx key file has to be generated from Tomcat's JKS file. Reference: http://blog.csdn.net/maotongbin/article/details/51064272
When you obtain the certificate files through this CSR request, you will find that the Nginx certificate file is actually Tomcat's two certificate files combined into one file.
Finally, here are two verification methods:
CSR Check: https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp
Check that the certificate, CSR and key are consistent (the modulus digests are identical when the files belong to the same key pair):
symfile:ssl2016> openssl x509 -noout -modulus -in certificate.crt | openssl md5
(stdin)= 5880ddf3067e9d36c50ae7efbb9d7377
symfile:ssl2016> openssl req -noout -modulus -in csr_file.csr | openssl md5
(stdin)= 5880ddf3067e9d36c50ae7efbb9d7377
symfile:ssl2016> openssl rsa -noout -modulus -in key_file.key | openssl md5
(stdin)= a36797b0dd727418868a8ca0f59343e2
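
The same consistency check as a reusable script. This is an added example, not part of the original post. It goes beyond the modulus check by comparing a SHA-256 digest of the full public key, so it also covers non-RSA keys. It assumes an unencrypted key file; the function names and file arguments are illustrative.

```shell
#!/bin/sh
# Added example: verify that a certificate, a CSR and a private key belong
# to the same key pair before installing them in Nginx or importing them
# into Tomcat's keystore. File names passed in are placeholders.

# Print a SHA-256 digest of the public key found in a file.
# $1 = cert | csr | key, $2 = path to the PEM file.
# For an Nginx bundle (server + intermediate certificate in one file),
# openssl x509 reads only the first certificate, which must be the
# server certificate.
pubkey_digest() {
    kind=$1 file=$2
    case "$kind" in
        cert) pem=$(openssl x509 -in "$file" -noout -pubkey 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$file" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$file" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only when all three files carry the same public key,
# 1 on a mismatch, 2 when a file cannot be parsed as the expected type.
tls_files_match() {
    c=$(pubkey_digest cert "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    r=$(pubkey_digest csr  "$2") || { echo "cannot read CSR: $2" >&2; return 2; }
    k=$(pubkey_digest key  "$3") || { echo "cannot read key: $3" >&2; return 2; }
    printf 'cert %s\ncsr  %s\nkey  %s\n' "$c" "$r" "$k"
    [ "$c" = "$r" ] && [ "$c" = "$k" ]
}

# Usage: sh check.sh certificate.crt csr_file.csr key_file.key
if [ "$#" -eq 3 ]; then
    tls_files_match "$@"
fi
```

A non-zero exit status means the files do not belong together (1) or one of them could not be parsed (2), which makes the script suitable as a pre-deployment gate.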