My detailed Tomcat + SSL how-to guide

Source: Internet
Uploader: User

1. Generate the server key

keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
F:/bak_e/Downloads/safe/tomcat+ssl>keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore server.keystore -validity 3600
您的名字與姓氏是什嗎?
  [Unknown]:  mc
您的組織單位名稱是什嗎?
  [Unknown]:  test
您的組織名稱是什嗎?
  [Unknown]:  test
您所在的城市或地區名稱是什嗎?
  [Unknown]:  cd
您所在的州或省份名稱是什嗎?
  [Unknown]:  sc
該單位的兩字母國家代碼是什麼
  [Unknown]:  cn
CN=mc, OU=test, O=test, L=cd, ST=sc, C=cn 正確嗎?
  [否]:  y
This generates server.keystore in the directory where the command was run.

2. Import the certificate into the JDK's certificate trust store:

keytool -export -trustcacerts -alias tomcat -file server.cer -keystore  server.keystore -storepass changeit
F:/bak_e/Downloads/safe/tomcat+ssl>keytool -export -trustcacerts -alias tomcat -file server.cer -keystore  server.keystore -storepass changeit
儲存在檔案中的認證 <server.cer>
[server.cer is generated in the directory where the command was run]

keytool -import -trustcacerts -alias tomcat -file server.cer -keystore  %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
F:/bak_e/Downloads/safe/tomcat+ssl>keytool -import -trustcacerts -alias tomcat -file server.cer -keystore  %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
所有者:CN=mc, OU=test, O=test, L=cd, ST=sc, C=cn
簽發人:CN=mc, OU=test, O=test, L=cd, ST=sc, C=cn
序號:4733fa88
有效期間: Fri Nov 09 14:13:28 CST 2007 至Sun Sep 17 14:13:28 CST 2017
認證指紋:
         MD5:3E:02:2F:E5:F7:39:4F:4A:F4:1C:69:45:33:81:36:2D
         SHA1:67:8D:7B:FC:40:D4:31:97:5E:D1:A6:0D:71:70:E8:3C:E3:22:FF:58
         簽名演算法名稱:SHA1withRSA
         版本: 3
信任這個認證? [否]:  y
認證已添加至keystore中

3. Copy the two files above into the Tomcat root directory [E:/djoa/apache-tomcat-5.5.23]

4. Configure Tomcat:
Open %TOMCAT_HOME%/conf/server.xml in a text editor and find this line:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
Uncomment the Connector block that follows it, and add the keystorePass and keystoreFile attributes.
Before:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <!--
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
    <!-- Define an AJP 1.3 Connector on port 8009 -->
After:
    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="server.keystore"
               keystorePass="changeit"
               />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
Then comment out the 8080 configuration:
    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <!--Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" /-->

5. Start Tomcat, ok!!
My environment: tomcat-5.5.23+win2003
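
As an added example (not part of the original post), this Python check parses a server.xml and lists which Connectors Tomcat would actually start after the step 4 edit, flagging a plaintext HTTP connector left enabled and a keystore password left at changeit. The two XML samples are constructed from the page's before/after snippets, and the function name audit_connectors is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the Connector elements from step 4 (attributes trimmed),
# wrapped in a minimal <Server>/<Service>; not a complete Tomcat server.xml.
BEFORE = """<Server><Service name="Catalina">
  <Connector port="8080" maxHttpHeaderSize="8192"
             enableLookups="false" redirectPort="8443" acceptCount="100" />
  <!--
  <Connector port="8443" maxHttpHeaderSize="8192"
             acceptCount="100" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
  -->
</Service></Server>"""

AFTER = """<Server><Service name="Catalina">
  <Connector port="8443" maxHttpHeaderSize="8192"
             acceptCount="100" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="server.keystore"
             keystorePass="changeit" />
  <!--Connector port="8080" maxHttpHeaderSize="8192"
             enableLookups="false" redirectPort="8443" acceptCount="100" /-->
</Service></Server>"""

def audit_connectors(server_xml):
    """Return (active_ports, findings) for the Connectors Tomcat would start."""
    # The parser discards XML comments, so a commented-out Connector counts as disabled.
    root = ET.fromstring(server_xml)
    ports, findings, tls_seen = [], [], False
    for conn in root.iter("Connector"):
        port = conn.get("port")
        ports.append(port)
        # Assumption: scheme="https" marks the TLS connector, as in the page's config.
        if conn.get("scheme") == "https":
            tls_seen = True
            if not conn.get("keystoreFile"):
                findings.append(f"{port}: keystoreFile not set")
            # Tomcat documents "changeit" as the default keystorePass.
            if conn.get("keystorePass", "changeit") == "changeit":
                findings.append(f"{port}: keystorePass is the default 'changeit'")
        elif conn.get("protocol", "HTTP/1.1").startswith("HTTP"):
            findings.append(f"{port}: plaintext HTTP connector is enabled")
    if not tls_seen:
        findings.append("no HTTPS connector is enabled")
    return ports, findings

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, *audit_connectors(sample), sep="\n  ")
```

Run against the "after" configuration, the only remaining finding is the keystore password, because the guide uses changeit for both the keystore and keystorePass.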

 
