Create a certificate
The certificate is a key element of a single sign-on authentication system: it is what secures the interaction between the client and the server. Because this tutorial is a demonstration, the certificate is generated with the JDK's own keytool. For a production environment, buy a certificate from a certificate provider; certificates are generally issued by VeriSign (Chinese official website: http://www.verisign.com/cn/).
Generate the certificate with the keytool tool that comes with the JDK:
keytool -genkey -alias wsria -keyalg RSA -keystore D:/keys/wsriakey
The screenshot in the original describes each input. One point I want to explain: after the password, when prompted for the domain name, enter sso.wsria.com. This domain name does not actually exist; I made it up for the demonstration. The trick is to modify the hosts file:
C:\Windows\System32\drivers\etc\hosts
Add content as follows:
127.0.0.1 sso.wsria.com
So when you visit sso.wsria.com, you are actually visiting 127.0.0.1, which is the local machine.
Critical reminder: you cannot enter an IP address when prompted for a domain name.
III. Export the certificate
D:\keys>keytool -export -file D:/keys/wsria.crt -alias wsria -keystore D:/keys/wsriakey
Special tip: if you see this error:
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
then enter the password: changeit
The certificate export is now complete, and the certificate can be distributed to the JDKs that run the applications. The next section explains how to import the certificate into the client's JVM.
IV. Import the certificate into the client's JVM
keytool -import -keystore D:\tools\jdk\1.6\jdk1.6.0_20\jre\lib\security\cacerts -file D:/keys/wsria.crt -alias wsria
Special instructions:
D:\tools\jdk\1.6\jdk1.6.0_20\jre\lib\security is the JRE directory; the password is the one you just entered. The certificate has now been created, exported, and imported into the client JVM. Next, the certificate is applied to the web server; this tutorial uses Tomcat.
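The create, export and import steps above, as an added example that is not part of the original tutorial: it runs them non-interactively on throwaway files and then checks that the trust store holds exactly the exported certificate and that its subject is the SSO host name. It assumes a POSIX shell with keytool on the PATH, uses a scratch trust store in place of the JDK's cacerts, and spells the commands with their current names (-genkeypair, -exportcert, -importcert); the password and the function name are made up for the example.

```shell
#!/bin/sh
# Added example (not from the tutorial): its create / export / import steps run
# non-interactively on throwaway files, then checked. PASS is a constructed demo
# password and sso_cert_roundtrip is a hypothetical helper name.
PASS='demo-changeme'

sso_cert_roundtrip() {
    host=$1
    # The tutorial's reminder: the name must be a domain name, not an IP address.
    case $host in
        ''|*:*) echo "need a domain name" >&2; return 2 ;;
        *[!0-9.]*) ;;   # has a character other than digits and dots: a name
        *) echo "refusing IP address as certificate name: $host" >&2; return 2 ;;
    esac
    dir=$(mktemp -d) || return 1
    ks=$dir/wsriakey; crt=$dir/wsria.crt
    ts=$dir/truststore; back=$dir/back.crt

    # Create: key pair plus self-signed certificate; -dname answers the name prompt.
    keytool -genkeypair -alias wsria -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=$host" -keystore "$ks" \
        -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 &&
    # Export: only the certificate leaves the keystore, never the private key.
    keytool -exportcert -alias wsria -file "$crt" \
        -keystore "$ks" -storepass "$PASS" >/dev/null 2>&1 &&
    # Import: a scratch trust store stands in for the client's cacerts.
    keytool -importcert -noprompt -alias wsria -file "$crt" \
        -keystore "$ts" -storepass "$PASS" >/dev/null 2>&1 &&
    # Check 1: the trust store returns byte for byte the distributed certificate.
    keytool -exportcert -alias wsria -file "$back" \
        -keystore "$ts" -storepass "$PASS" >/dev/null 2>&1 &&
    cmp -s "$crt" "$back" &&
    # Check 2: the certificate subject is the host name clients will connect to.
    keytool -printcert -file "$crt" 2>/dev/null | grep -qF "CN=$host"
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Usage: sso_cert_roundtrip sso.wsria.com && echo "certificate round trip OK"
```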
V. Apply the certificate to the web server (Tomcat)
Applying the certificate really means enabling SSL, that is, the HTTPS encryption protocol, on the web server (Tomcat); I will not dwell on why encryption is needed. Prepare a clean Tomcat; this tutorial uses apache-tomcat-6.0.29. Open the conf/server.xml file in the Tomcat directory, remove the comment markers on lines 83 and 87, and set keystoreFile and keystorePass. The result of the modification is as follows:
XML code:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
    scheme="https" secure="true"
    sslProtocol="TLS"
    keystoreFile="D:/keys/wsriakey"
    keystorePass="wsria.com"
/>
Parameter description:
- keystoreFile: the location of the keystore created in the first step
- keystorePass: the password set when creating the certificate
That completes enabling SSL in Tomcat. Start Tomcat and try it out; in this tutorial, the address to enter is https://sso.wsria.com:8443/
The browser opens with a certificate error prompt.
OK, then click "Continue to this website (not recommended)". You should now reach the Tomcat page; if so, you are one step closer to success.
----------------------------------------------------------------------
Error summary:
Tomcat reports an error on startup after port 8443 is configured.
The protocol attribute needs to be changed to:
protocol="org.apache.coyote.http11.Http11Protocol"
Tomcat Configuration SSL (8443