Reference documents:
http://www.cnblogs.com/xwdreamer/p/3466661.html (the latter part needs to be modified)
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
http://blog.sina.com.cn/s/blog_682b5aa1010113uu.html (Chinese, more practical)
https://help.ubuntu.com/community/TomcatSSL
http://blog.csdn.net/fjssharpsword/article/details/6851969 (server and client certificates)
Background
This article uses an Ubuntu environment as the example. The specific setup is as follows:
OS: ubuntu-server_12.04
TOMCAT_HOME: /usr/local/tomcat7 (for installation, see: registering Tomcat as a service under Windows and Linux)
JAVA_HOME: /usr/lib/jvm/jdk1.7.0_45 (for installation, see: installing the JDK under Ubuntu and configuring the Java environment)
General Ideas
Server-side
1. Use the keytool that ships with the JDK to build the keystore file
1) Open a terminal, change to the Tomcat home directory, and run the command below to build the keystore file. It generates server.keystore in the Tomcat home directory. The password for server.keystore is set to envisi0n here; this password is used again later.
keytool -genkey -alias tomcat -keyalg RSA -keypass envisi0n -storepass envisi0n -keystore server.keystore -validity 3600
2) Generate a certificate from the keystore file. This command generates the certificate file server.cer in the Tomcat home directory.
keytool -export -trustcacerts -alias tomcat -file server.cer -keystore server.keystore -storepass envisi0n
3) Open %TOMCAT_HOME%\conf\server.xml (here /usr/local/tomcat7/conf/server.xml), find this section and uncomment it:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
Then add keystoreFile and keystorePass, as shown:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/local/tomcat7/server.keystore"
keystorePass="envisi0n" />
4) After obtaining the certificate in step 2, import it into the JDK's cacerts store by running the following command (the paths below point to the OpenJDK 7 installation; adjust them to the JDK that Tomcat runs on):
sudo /usr/lib/jvm/java-7-openjdk-amd64/bin/keytool -import -trustcacerts -alias tomcat -file server.cer -keystore /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts -storepass changeit
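A check for the connector from step 3, as an added example that is not part of the original article or of Tomcat: Connector attribute names are case-sensitive (keystorefile is not keystoreFile), and a stray space inside keystorePass changes the password, so either mistake leaves the HTTPS connector unable to open the keystore. The function name audit_connectors and the sample server.xml fragments are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Connector attribute spellings used by the HTTPS connector in this article.
EXPECTED = ["port", "protocol", "SSLEnabled", "maxThreads", "scheme", "secure",
            "clientAuth", "sslProtocol", "keystoreFile", "keystorePass"]
CANONICAL = {name.lower(): name for name in EXPECTED}

def audit_connectors(server_xml):
    """Return a list of findings for every SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        attrs = dict(conn.attrib)
        port = attrs.get("port", "?")
        # Report mis-cased names, then keep auditing under the exact spelling.
        for name in list(attrs):
            canon = CANONICAL.get(name.lower())
            if canon and canon != name:
                findings.append(f"port {port}: '{name}' should be '{canon}'")
                attrs[canon] = attrs.pop(name)
        if attrs.get("SSLEnabled", "").lower() != "true":
            continue  # not an HTTPS connector
        if attrs.get("scheme") != "https" or attrs.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set for HTTPS")
        if "keystoreFile" not in attrs:
            findings.append(f"port {port}: keystoreFile missing")
        password = attrs.get("keystorePass")
        if password is None:
            findings.append(f"port {port}: keystorePass missing")
        elif password != password.strip():
            findings.append(f"port {port}: keystorePass has surrounding whitespace")
    return findings

# Constructed sample input (hypothetical server.xml fragments, not from a real server).
GOOD = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="/usr/local/tomcat7/server.keystore"
             keystorePass="envisi0n" />
</Service></Server>"""
BAD = GOOD.replace("keystoreFile", "keystorefile").replace('"envisi0n"', '"envisi0n "')

if __name__ == "__main__":
    for label, xml in (("good", GOOD), ("bad", BAD)):
        print(label, audit_connectors(xml))
```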
Client:
One-way authentication does not require importing a user certificate. Use Firefox and trust the URL. To learn how a client generates and imports a certificate for two-way verification, see http://blog.csdn.net/fjssharpsword/article/details/6851969.
Ubuntu Tomcat How to configure HTTPS