How to Enable SSL/HTTPS on Tomcat 7 on RHEL
I have a Java application which I am running on a RHEL server. I want to enable SSL on Tomcat 7 on RHEL. I am following this tutorial.
I used this command to create a self-signed certificate.
keytool -genkey -alias mkyong -keyalg RSA -keystore c:\mkyongkeystore
But on running https://localhost:8443/ I am not getting anything and I am unable to configure Tomcat to support SSL or HTTPS.
A) Create a keystore file to store the server's private key and self-signed certificate by executing the following command:
keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore
B) Uncomment the "SSL HTTP/1.1 Connector" entry in /etc/tomcat6/server.xml and modify it as described in the Configuration section below (this is only an example; edit your own configuration, just uncomment it and provide the correct password).
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="want" SSLProtocol="TLS"
           keystoreFile="conf/keystore"
           truststoreFile="conf/keystore"
           keystorePass="XXXXXX"
           keystoreType="PKCS12"
           ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                    TLS_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
                    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
                    TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
                    TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
                    TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
           truststorePass="XXXXXXXXXXXXXXX" />
C) If you are using SELinux, you may need to relabel the newly created keystore file's context. Use the RHEL SELinux guide for how to do that.
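An added example, not part of the original answer: a Python check that reads a server.xml and reports, per SSLEnabled Connector, which listed cipher suites are weak by name, since the example Connector above includes anonymous (_anon_), 3DES and static-key-exchange suites. The sample XML is constructed from that Connector with one ECDHE/GCM suite added for contrast; the function names and the marker list are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's Connector cut down to four of its cipher
# suites, plus one ECDHE/GCM suite added here for contrast.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="want"
             keystoreFile="conf/keystore" keystorePass="XXXXXX"
             ciphers="SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                      TLS_RSA_WITH_AES_256_CBC_SHA,
                      TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
                      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
                      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" />
</Service></Server>"""

# (substring of the suite name, why it is weak); every match is reported.
WEAK_MARKERS = [
    ("_anon_", "anonymous key exchange: server is not authenticated"),
    ("_NULL_", "no encryption"),
    ("_RC4_", "RC4 stream cipher"),
    ("3DES", "3DES: 64-bit block cipher"),
]


def audit_cipher(suite):
    """Return the reasons a JSSE cipher suite name is considered weak."""
    reasons = [why for marker, why in WEAK_MARKERS if marker in suite]
    static_kx = suite.startswith(("TLS_RSA_", "SSL_RSA_", "TLS_ECDH_"))
    if static_kx and "_anon_" not in suite:
        reasons.append("static key exchange: no forward secrecy")
    return reasons


def audit_server_xml(xml_text):
    """Map port -> {suite: [reasons]} for every SSLEnabled Connector."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to audit
        suites = [s.strip() for s in conn.get("ciphers", "").split(",")]
        checked = {s: audit_cipher(s) for s in suites if s}
        findings[conn.get("port")] = {s: r for s, r in checked.items() if r}
    return findings


if __name__ == "__main__":
    for port, weak in audit_server_xml(SAMPLE_SERVER_XML).items():
        print(port, weak)
```

To audit a real installation, pass the contents of its server.xml to audit_server_xml() instead of the sample string.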