Enabling HTTPS on the server


Enable Tomcat https service

When publishing enterprise-level applications, one issue comes up: since iOS 7.1, the app URL must start with https, so the server must support HTTPS.

Lab environment: Mac OS X, Windows 7, Tomcat 7.0, JDK 1.7

I. Environment setup

1. Install Tomcat

A. Download page: http://tomcat.apache.org/download-70.cgi

B. Download the Tomcat version for your machine.

2. Install the JDK

Tomcat requires the corresponding JDK to be installed; it cannot run without it.

II. Create a self-signed CA certificate (root certificate)

There are two steps to create a CA certificate:

1. Create a private key file:

openssl genrsa -out myCA.key 2048

The private key is named myCA.key.

2. Create the root certificate:

openssl req -x509 -new -key myCA.key -out myCA.cer -days 730 -subj /CN="My Custom CA"

The root certificate is named myCA.cer, it is valid for 730 days, and the CA name (the subject CN) is My Custom CA.

III. Create a self-signed SSL certificate (leaf certificate)

1. Create a private key first:

openssl genrsa -out server.key 2048

The private key is named server.key.

2. Create a CSR:

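openssl req -new -out server.req -key server.key -subj /CN=127.0.0.1/CN=192.168.31.128/CN=localhost

Assume that the IP address of the server is 192.168.2.1. The CN values should be the addresses and names that clients use to reach the server, so replace 192.168.31.128 with your server's address. The output file is server.req.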

3. Use CSR to create an SSL certificate:

openssl x509 -req -in server.req -out server.cer -CAkey myCA.key -CA myCA.cer -days 36500 -CAcreateserial -CAserial server.serial

Here we assume that the validity period is 100 years (36500 days), the output file is server.cer, and the serial number file is server.serial (used when the certificate is revoked).

4. Export the .key and .cer files as a .p12 certificate:

openssl pkcs12 -export -in server.cer -inkey server.key -out server.p12 -name "server"

Enter the certificate password twice at the command prompt. Assume that the password is keypass. The output file name is server.p12.

5. Import the .p12 file into a Java keystore:

keytool -importkeystore -v -srckeystore server.p12 -srcstoretype pkcs12 -srcstorepass keypass -destkeystore server.keystore -deststoretype jks -deststorepass keypass

Here we assume that the keystore file name is server.keystore and the keystore password is keypass.
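The CA and leaf-certificate steps above can be checked before the keystore is built. The following script is an added example, not part of the original article: it repeats those steps in a scratch directory, then confirms that server.cer chains to myCA.cer, that it pairs with server.key, and that it carries the server address. The function names, the san.ext file (which adds a subjectAltName the article's commands do not set) and the 365-day leaf validity are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, san.ext and
# the 365-day leaf validity are assumptions; file names follow the article.

make_pki() {   # make_pki DIR SERVER_IP
    ( cd "$1" || exit 1
      # Root CA: private key plus self-signed certificate
      openssl genrsa -out myCA.key 2048 &&
      openssl req -x509 -new -key myCA.key -out myCA.cer -days 730 \
          -subj "/CN=My Custom CA" &&
      # Leaf: private key, CSR, then a certificate signed by the CA
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -out server.req -subj "/CN=$2" &&
      # Current clients match the address against subjectAltName, not CN
      printf 'subjectAltName=IP:%s,IP:127.0.0.1,DNS:localhost\n' "$2" \
          > san.ext &&
      # Leaf validity (365 days) stays inside the CA's 730 days
      openssl x509 -req -in server.req -out server.cer -CA myCA.cer \
          -CAkey myCA.key -CAcreateserial -CAserial server.serial \
          -days 365 -extfile san.ext
    )
}

key_matches_cert() {   # key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$k" = "$c" ]
}

check_leaf() {   # check_leaf DIR SERVER_IP
    # 1. chain to the CA  2. key/cert pairing  3. address present in the SAN
    openssl verify -CAfile "$1/myCA.cer" "$1/server.cer" >/dev/null &&
    key_matches_cert "$1/server.key" "$1/server.cer" &&
    openssl x509 -in "$1/server.cer" -noout -text |
        grep -qF "IP Address:$2"
}

# Stand-alone use: sh check_pki.sh 192.168.2.1
if [ -n "${1:-}" ]; then
    d=$(mktemp -d) && make_pki "$d" "$1" && check_leaf "$d" "$1" &&
        echo "chain, key and SAN checks passed; files in $d"
fi
```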

IV. Use the SSL certificate

Put the resulting keystore file (server.keystore) on the web server, for example in the conf directory under the Tomcat installation directory.

Then modify server.xml:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="D:/CA/server.keystore" keystorePass="keypass"
           clientAuth="false" sslProtocol="TLS"/>

Restart Tomcat and access the HTTPS service at the following address:

https://localhost:8443/ or https://192.168.2.1:8443/.
