Symmetric encryption: The same key is used for encryption and decryption.
Asymmetric encryption: A pair of keys is used, a public key and a private key. The private key is held by one party only and must never be disclosed; the public key can be given to anyone who requests it.
So how does the party that receives a public key know that it really came from the server?
This requires submitting the public key to a third-party certification authority, which issues a digital certificate; the digital certificate contains the public key.
Now, when client A sends a message to the server, how does the server know that the message came from A and not from B or C?
The client also generates a public/private key pair, keeps the private key to itself and publishes the public key. The client then encrypts the data together with its digital signature (the message digest of the data, generated here with the MD5 algorithm) using its private key and sends the result to the server.
If the server can open it with A's public key, the message must have come from A (not B or C). The server then computes the MD5 message digest of the received data itself; if it matches the digest that was sent, the data has not been tampered with.
Symmetric and asymmetric encryption compared
(1) Symmetric encryption uses the same key for encryption and decryption, so it is fast, but the key has to be transferred over the network, so its security is not high.
(2) Asymmetric encryption uses a pair of keys, a public key and a private key, so its security is high, but encryption and decryption are slow.
(3) The solution is to encrypt the symmetric key with the asymmetric public key and send it; the receiver decrypts the symmetric key with its private key, and from then on both sides communicate using symmetric encryption.
In actual development, we generally use an asymmetric encryption algorithm to transmit the symmetric key.
(1) Alice needs to make a transaction on the bank's website; her browser first generates a random number to serve as the symmetric key.
(2) Alice's browser requests the public key from the bank's website.
(3) The bank sends its public key to Alice.
(4) Alice's browser uses the bank's public key to encrypt its own symmetric key.
(5) Alice's browser sends the encrypted symmetric key to the bank.
(6) The bank uses its private key to decrypt the symmetric key sent by Alice's browser.
(7) Alice and the bank can now use the symmetric key to encrypt and decrypt the content of their communication.
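The seven steps above, as an added example in Go that is not part of the original page: NewBankKeyPair stands in for the bank's key pair, WrapSessionKey and UnwrapSessionKey are the RSA key transport of steps 1, 4 and 6, and SessionCipher, Seal and Open are the symmetric part of step 7. All of these names are assumptions of this example; it goes beyond the text in using RSA-OAEP and an authenticated cipher (AES-GCM), so that a modified message is rejected rather than decrypted to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// NewBankKeyPair stands in for the bank's key pair; in practice the public half arrives in its certificate.
func NewBankKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// WrapSessionKey is steps 1 and 4: a random 256-bit symmetric key, encrypted under the bank's public key (RSA-OAEP).
func WrapSessionKey(bankPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	rand.Read(sessionKey) // crypto/rand.Read always fills the slice (it never fails on Go 1.24+)
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, bankPub, sessionKey, nil)
	return sessionKey, wrapped, err
}

// UnwrapSessionKey is step 6: only the holder of the bank's private key can recover the key.
func UnwrapSessionKey(bankPriv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, bankPriv, wrapped, nil)
}

// SessionCipher turns the shared key into AES-GCM, which encrypts and authenticates each message.
func SessionCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects a key that is not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is step 7 on the sending side; the fresh per-message nonce is prefixed to the output.
func Seal(gcm cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// Open is step 7 on the receiving side; it fails if the ciphertext or its tag was altered.
func Open(gcm cipher.AEAD, sealed []byte) ([]byte, error) {
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
```

A second key pair cannot unwrap the session key, and a single flipped bit in a sealed message makes Open return an error instead of plaintext.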
Configuring an encrypted connector in Tomcat
Generate a keystore using the keytool tool that ships with the JDK:
1. Run keytool -genkey -alias Tomcat -keyalg RSA. When prompted for your first and last name, enter the website's host name, e.g. localhost. This generates a keystore file.
2. Place the .keystore file under Tomcat's conf folder.
3. In the server.xml file under the conf folder, configure the HTTPS connector, adding the keystoreFile and keystorePass attributes.
If you want to turn all requests into HTTPS connections, change port 8443 to port 443 and edit web.xml under the conf folder, adding the following section after the closing </welcome-file-list> tag.
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>ssl</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>