[英]Java | Apache Tomcat 9 | Read keystore from memory
Apache Tomcat 9 (Java) 中是否有办法从变量中读取 SSL 加密的密钥库,这意味着无需将文件保存为文件的迂回路径保存为文件?
目前我将密钥库传递到 Apache 中,如下代码:
Connector connector = new Connector();
connector.setScheme("https");
connector.setProperty("keyAlias", "alias-test");
connector.setProperty("keystorePass", "testpwd");
connector.setProperty("keystoreType", "PKCS12");
connector.setProperty("keystoreFile", "keystore.pfx");
要使用已配置的KeyStore
,您需要使用适当的setter方法,自 Tomcat 8.5 起为:
SSLHostConfig#setTrustStore
用于受信任的证书,SSLHostConfigCertificate#setCertificateKeyStore
用于包含服务器证书的密钥库。总结起来是这样的:
final KeyStore trustStore = ...
final KeyStore keyStore = ...
// Certificate
final SSLHostConfigCertificate certificate = new SSLHostConfigCertificate();
certificate.setCertificateKeystore(keyStore);
certificate.setCertificateKeyAlias("mykey");
certificate.setCertificateKeyPassword("secret");
// Host SSL configuration
final SSLHostConfig sslHostConfig = new SSLHostConfig();
sslHostConfig.setTrustStore(trustStore);
sslHostConfig.addCertificate(certificate);
// Connector
final Connector connector = new Connector();
connector.setScheme("https");
connector.setSecure(true);
connector.addSslHostConfig(sslHostConfig);
connector.setProperty("SSLEnabled", "true");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.