tomcat的SSL配置
Posted blackswanyucatan
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了tomcat的SSL配置相关的知识,希望对你有一定的参考价值。
Table of Contents
删除别名为tomcat的密钥
keytool -delete -keystore /mnt/c/tmp/test.example.com.keystore -alias tomcat生成别名为tomcat的密钥
keytool -genkey -alias tomcat -keyalg RSA -keystore /mnt/c/tmp/test.example.com.keystore -keyalg RSA -validity 9999 -dname "[email protected], CN=test.example.com, O=Chimps, L=Portland, S=Oregon, C=US, OU=Portland" -ext san=dns:test.example.comtomcat配置密钥存储路径
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="c: mp est.example.com.keystore" keystorePass="changeit"
clientAuth="false" sslProtocol="TLS" />生成证书并通过浏览器导入
keytool -export -alias tomcat -keystore /mnt/c/tmp/test.example.com.keystore -rfc -file /mnt/c/tmp/test.example.com.cer相关参考
链接
https://cloud.tencent.com/document/product/400/4143#4.-tomcat-.E8.AF.81.E4.B9.A6.E9.83.A8.E7.BD.B2
openssl生成脚本
#!/bin/sh
# create self-signed server certificate:
read -p "Enter your domain [www.example.com]: " DOMAIN
echo "Create server key..."
openssl genrsa -des3 -out $DOMAIN.key 1024
echo "Create server certificate signing request..."
SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN"
openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr
echo "Remove password..."
mv $DOMAIN.key $DOMAIN.origin.key
openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key
echo "Sign SSL certificate..."
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
echo "TODO:"
echo "Copy $DOMAIN.crt to /etc/nginx/ssl/$DOMAIN.crt"
echo "Copy $DOMAIN.key to /etc/nginx/ssl/$DOMAIN.key"
echo "Add configuration in nginx:"
echo "server {"
echo " ..."
echo " listen 443 ssl;"
echo " ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;"
echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;"
echo "}"以上是关于tomcat的SSL配置的主要内容,如果未能解决你的问题,请参考以下文章