Tomcat设立SSL连接器
1. 产生自签名的服务器认证
比如我的TOMCAT安装目录为D:\Tomcat6.0.35
D:\>keytool -genkeypair -alias tomcat -keyalg RSA -keysize 1024 -validity 365 -keystore /Tomcat6.0.35/conf/keystore
Enter keystore password: 123456
What is your first and last name?
[Unknown]: www.cool.com
What is the name of your organizational unit?
[Unknown]: World
What is the name of your organization?
[Unknown]: China
What is the name of your City or Locality?
[Unknown]: Yingkou
What is the name of your State or Province?
[Unknown]: Liaoning
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=your name, OU=your organizaion, O="your organization name",
L=your city name, ST=your province name, C=cn correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password): 回车
以上参数配置完后,会在D:\Tomcat6.0.35\conf目录下得到自签名的服务器认证文件keystore
找到D:\Tomcat6.0.35\conf\server.xml文件中的以下代码
<!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true"\clientAuth="false" sslProtocol="TLS" /> -->
将以上这段代码的注释打开,并且追加keystoreFile和keystorePass的配置。
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="D:\Tomcat6.0.35\conf\keystore" keystorePass="123456" />
访问 https://127.0.0.1:8443 ,看到那只熟悉的汤姆猫就算是配置成功啦。