stackoom
  简体   繁体   中英

SSL in Tomcat 8: server & client JKS + client public cer

 原文  2015-05-15 09:58:08       java/ ssl/ ssl-certificate/ tomcat8/ jks

Question

I've followed this guide so as to setup my Tomcat 8 instance with SSL layer, producing a client and server keystores and a public client certificate autosigned.

The issue is, I guess, that I don't really know how to configure Tomcat's Connector...

Here you are my current server.xml file (removed unnecessary comments): 

    <?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>

  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

  <GlobalNamingResources>

    <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector connectionTimeout="40000" port="9090" protocol="HTTP/1.1" redirectPort="8443"/>

    <!-- I've also tried using these ones: -->
    <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" /> -->
    <!--<Connector  clientAuth="true" port="8443" minSpareThreads="5"
                enableLookups="true" disableUploadTimeout="true"
                acceptCount="100" maxThreads="200"
                scheme="https" secure="true" SSLEnabled="true"
                keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" keystoreType="JKS" keystorePass="triple1327"
                truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" truststoreType="JKS" truststorePass="triple1327"
                sslProtocol="TLS" />-->

                <!-- Don't work on tomcat8:
                maxSpareThreads="75"
                SSLVerifyClient="require"
                SSLEngine="on"
                SSLVerifyDepth="2"
                -->

        <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
        clientAuth="true" sslProtocol="TLS" 
        keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" keystoreType="JKS" keystorePass="triple1327"
        truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" truststoreType="JKS" truststorePass="triple1327"
                />

        <!-- Define an AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"  />   

    <Engine defaultHost="localhost" name="Catalina">

        <Realm className="org.apache.catalina.realm.LockOutRealm">

        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
    </Realm>

    <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>
        <Context path="/rutas" docBase="C:\Users\IN006\cavwebapp" reloadable="true" crossContext="false">
        </Context>
    </Host>

    </Engine>
  </Service>
</Server>

Using this, I've tried to access to the tomcat welcome page:

But none of them worked...

Any tip?

Thank you!

EDIT

Solution: 

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" 
       keystoreFile="/etc/tomcat7/server.jks"
       keystorePass="changeit" />

I've been able to access to it through https://localhost:8443

1 answers

solution1
 2 ACCPTED  2015-05-15 10:51:28

You question lacks important details such as tomcat's log and the structure of your keystore. For example, key placed in the keystore can be password protected itself. The port you want to use can be already occupied, etc, etc. There are many things that can go wrong.

In common, I can advise you to keep things as simple as you can. Try this snippet: 

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" 
           keystoreFile="/etc/tomcat7/server.jks"
           keystorePass="changeit" />

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Server and Client SSL certificates with the same public key Tomcat + SSL configuration + Client Tomcat 7 ssl client authenitcation Install SSL on Tomcat with certificate .cer Configure Apache tomcat to send SSL certificate to frontend server(act as client) How to configure two way ssl on client and server on tomcat 7 using openssl for ssl certificate generation? How to setup Client authentication with SSL on Tomcat? Database based ssl client authentication in Tomcat tomcat ssl client handshake java error Convert .cer certificate to .jks
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM