tomcat 5&6 SSL的配置
2014-02-21 09:44
323 查看
生成服务器证书:
keytool -genkey -v -alias server -keyalg RSA -keystore c:\tomcat.jks -dname "CN=server,OU=nice,O=nice,L=BJ,ST=BJ,C=CN"
-storepass 12345678 -keypass 12345678 -validity 3650
注意:标红的为你得域名,如果是本地则为localhost不然,回报****不匹配的异常,请谨记
--------------------------------------------------------------------------------------------------------------------------------------------------
为客户端生成证书:
keytool -genkey -v -alias mykey -keyalg RSA -storetype PKCS12 -keystore c:\mykey.p12 -dname
"CN=mykey,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678 -validity 3650
--------------------------------------------------------------------------------------------------------------------------------------------------
让服务器端信任客户端证书:
keytool -export -alias mykey -keystore c:\mykey.p12 -storetype PKCS12 -storepass 12345678 -rfc -file c:\mykey.cer
keytool -import -v -file c:\mykey.cer -keystore c:\tomcat.jks -storepass 12345678
--------------------------------------------------------------------------------------------------------------------------------------------------
查看证书:
keytool -list -keystore c:\tomcat.jks -storepass 12345678 -v
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat5配置SSL单向认证:
server.xml配置
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="$./jks/tomcat.jks" keystorePass="12345678"
/>
--------------------------------------------------------------------------------------------------------------------------------------------------
强制跳转SSL:
web.xml增加配置
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat6.0配置SSL单向认证:
server.xml配置
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="./jks/tomcat.jks" keystorePass="12345678"
/>
--------------------------------------------------------------------------------------------------------------------------------------------------
强制跳转SSL:
web.xml增加配置
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat6.0配置SSL双向认证:
server.xml配置
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector className="org.apache.coyote.tomcat6.CoyoteConnector"
port="8443" protocol="HTTP/1.1" acceptCount="100"
maxThreads="150" enableLookups="true"
minProcessors="5" maxProcessors="75"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="./jks/server.jks" keystorePass="12345678"
truststoreFile="./jks/server.jks" truststorePass="12345678"
/>
keytool -genkey -v -alias server -keyalg RSA -keystore c:\tomcat.jks -dname "CN=server,OU=nice,O=nice,L=BJ,ST=BJ,C=CN"
-storepass 12345678 -keypass 12345678 -validity 3650
注意:标红的为你得域名,如果是本地则为localhost不然,回报****不匹配的异常,请谨记
--------------------------------------------------------------------------------------------------------------------------------------------------
为客户端生成证书:
keytool -genkey -v -alias mykey -keyalg RSA -storetype PKCS12 -keystore c:\mykey.p12 -dname
"CN=mykey,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678 -validity 3650
--------------------------------------------------------------------------------------------------------------------------------------------------
让服务器端信任客户端证书:
keytool -export -alias mykey -keystore c:\mykey.p12 -storetype PKCS12 -storepass 12345678 -rfc -file c:\mykey.cer
keytool -import -v -file c:\mykey.cer -keystore c:\tomcat.jks -storepass 12345678
--------------------------------------------------------------------------------------------------------------------------------------------------
查看证书:
keytool -list -keystore c:\tomcat.jks -storepass 12345678 -v
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat5配置SSL单向认证:
server.xml配置
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="$./jks/tomcat.jks" keystorePass="12345678"
/>
--------------------------------------------------------------------------------------------------------------------------------------------------
强制跳转SSL:
web.xml增加配置
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat6.0配置SSL单向认证:
server.xml配置
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="./jks/tomcat.jks" keystorePass="12345678"
/>
--------------------------------------------------------------------------------------------------------------------------------------------------
强制跳转SSL:
web.xml增加配置
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat6.0配置SSL双向认证:
server.xml配置
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector className="org.apache.coyote.tomcat6.CoyoteConnector"
port="8443" protocol="HTTP/1.1" acceptCount="100"
maxThreads="150" enableLookups="true"
minProcessors="5" maxProcessors="75"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="./jks/server.jks" keystorePass="12345678"
truststoreFile="./jks/server.jks" truststorePass="12345678"
/>
相关文章推荐
- 记Linux java tomcat增加SSL生成&配置全程步骤
- Tomcat 7下SSL配置出现异常: '/root/.keystore' did not find a matching property
- Tomcat配置&SSL
- linux apache Tomcat配置SSL(https)步骤
- Tomcat使用APR和不使用APR的单向SSL配置
- 【CentOS-5.5】之旅(三)-Tomcat SSL的配置
- Tomcat搭建&配置
- Linux下tomcat配置ssl中报错问题的解决javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExcepti
- 详解 Nginx + Tomcat HTTPS/SSL 配置
- 5分钟内搞定 Tomcat 的 SSL 配置(Windows Platform)【转】
- 5分钟内搞定 Tomcat 的 SSL 配置
- 快速教您Apache + Tomcat + SSL的配置
- 阿里云 Tomcat9.0 配置SSL
- 成功配置了apache tomcat + …
- myeclipse&eclipse配置tomcat端口、配置从根目录访问web项目
- tomcat5.0+mysql配置JDBCRealm,DBCP,ssl,及中文乱码解决详解资料
- jetty tomcat 配置ssl
- linux 配置多个tomcat(本文配…
- 在 TOMCAT 下配置 SSL
- Nginx+tomcat+ssl免费证书配置