This article describes how to configure SSL support in Tomcat.
1. It is easy to configure SSL support in Tomcat. There are several steps:
(1) If the JVM version is earlier than 1.3, you need to download JSSE, which is a Java SSL support library. Since JDK 1.4, JSSE has b
own root certificate to verify that a server's certificate is valid.
If you want to provide a valid certificate, the server's certificate must be signed by a certificate authority such as VeriSign so that the browser's verification passes; otherwise the browser gives a warn
Curl: (60) SSL certificate problem: unable to get local issuer certificate error, curlissuer
This issue occurs because the trusted server HTTPS authentication is not configured. By default, curl is set to not trust any CAs, which means that it does not trust any server authentication. Therefore, this is why the browser cannot access your server over HTTPS. When th
directly into the browser so that the browser can use its own root certificate to verify that a server's certificate is valid.
If you want to provide a valid certificate, the server's certificate must be signed by a certification authority such as VeriSign so that the browser's verification passes; otherwise the brows
certificate, the server certificate must be signed by a certificate authority such as VeriSign so that the browser can pass the verification. Otherwise, the browser will give a warning that the certificate is invalid. The fee for applying for a certificate signature is dozen
and rename it ca.crt.
# cp cacert.pem ca.crt
Step 3. Edit ssl.conf
# cd /usr/local/apache/conf
Edit ssl.conf
Specify the server certificate location
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
Specify the server
Curl: (60) SSL certificate problem: unable to get local issuer certificate error, curlissuer
This problem occurs because HTTPS authentication is not configured for a trusted server. By default, cURL is set to not trust any CAs, that is, it does not trust any server authentication. Therefore, this is why the browser cannot access your server over HTTPS. When this
from http://www.cnblogs.com/P_Chou/archive/2010/12/27/https-ssl-certification.html
Global trusted SSL digital certificate request: http://www.shuzizhengshu.com
In Internet secure communication, the most widely used approach is HTTPS with SSL and digital certificates to ensure the security of transmission and authentication. Thi
Global trusted SSL digital certificate request: http://www.shuzizhengshu.com
In Internet secure communication, the most widely used approach is HTTPS with SSL and digital certificates to ensure the security of transmission and authentication. This article gives a brief discussion of this model.
Terminology
First, an explanation of some of the terms above:
Certificate Online Tool
If you are applying for an SSL certificate for the first time, or if you are unfamiliar with how your server uses SSL certificates, we recommend that you use this set of tools, which support all SSL server certificat
some documents here. I use the CA.sh provided by OpenSSL to sign the certificate, rather than sign.sh in mod_ssl.
Using the OpenSSL syntax to generate a certificate has many restrictions, such as the Directory and key location. It is troublesome. I tried it for several days and finally gave up. If you are interested, refer to the OpenSSL manual.
Step 1: Install
:\keystore.jks -trustcacerts -storepass password -keypass password -file D:\server.cer
When you import a server certificate, the alias of the server certificate must be the same as th
website is different from a common Web site. It uses the "HTTPS" protocol instead of the common "HTTP" protocol. Therefore, its URL (Uniform Resource Locator) format is "https://website domain name".
Next, let's take a look at how to use the SSL channel for encryption and authentication after we use the IIS web service. The SSL communication port is 443 by default. Therefore, it is best to disable the
lower than that of symmetric encryption and decryption algorithms. Therefore, SSL uses asymmetric cryptographic algorithms to negotiate keys during the handshake process, and uses symmetric encryption and decryption to encrypt the transmission of HTTP content. The following is a vivid metaphor for this process (from http://blog.chinaunix.net/u2/82806/showart_1341720.html ):
Assume that A communicates with B, A is an
company such as VeriSign (of course, along with hundreds of dollars), after your certificate request is verified, the CA signs it with its private key to form a formal certificate and sends it back to you. The administrator can import the certificate on the web server. If you don't want to spend that money, or want to understand the principle, you can do it you
Before learning about the multi-domain wildcard SSL certificate, we will first introduce the multi-domain certificate, also known as a SAN certificate or UCC certificate. Multi-domain certificates are described as follows:
Multi-domain SAN/UCC
1. After OpenSSL is installed, find openssl.cnf in the /usr/lib/ssl directory (for Ubuntu systems, use whereis to check the SSL directory) and copy it to the working directory.
2. Create a new demoCA folder under the working directory, create the new files index.txt and serial in the folder, and then create a newcerts folder. Add the characters 01 to serial.
mkdir demoCA
cd demoCA
touch ./{serial,index.txt}
Add 0
-clcerts -in client/client.crt -inkey client/client-key.pem -out client/client.p12
4.4.2.5 Install a trusted root certificate
Rename ca/ca-key.pem to ca/ca-key.cer, and use "Tools" > "Internet Options" > "Content" > "Certificates" > "Import" in the client's IE to import the CA root certificate we generated, making it a trusted CA.
4.4.3 install
-srcstorepass Yourpkcs12pass -alias Tomcat
# Restart the server
/mnt/web/tomcat/tomcat8/bin/restartup.sh
2. The scheduled-task script is ready, but it still needs to be registered as a scheduled task in Linux; the cron service that ships with Linux handles this part.
crontab -e
Add the following in the editor that opens (update on the 1st of each month at 3 o'clock in the morning):
0 3 1 * * sh /mnt/web/lets/ssl_auto_auth.sh >/dev/null 2>&1
Manually create an HTTPS
proof the site is who and what it claims to be. In certain cases, the server may also request a certificate from your web browser, asking for proof that you are who you claim to be. This is known as "client authentication," although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request client authentication.
HTTPS and