[英]SSL in Tomcat 8: server & client JKS + client public cer
我已按照本指南進行操作,以便使用SSL層設置我的Tomcat 8實例,生成客戶端和服務器密鑰庫以及自動簽名的公共客戶端證書。
我想問題是我真的不知道如何配置Tomcat的連接器...
這是我當前的server.xml文件(已刪除不必要的注釋):
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector connectionTimeout="40000" port="9090" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- I've also tried using these ones: -->
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" /> -->
<!--<Connector clientAuth="true" port="8443" minSpareThreads="5"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" keystoreType="JKS" keystorePass="triple1327"
truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" truststoreType="JKS" truststorePass="triple1327"
sslProtocol="TLS" />-->
<!-- Don't work on tomcat8:
maxSpareThreads="75"
SSLVerifyClient="require"
SSLEngine="on"
SSLVerifyDepth="2"
-->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" keystoreType="JKS" keystorePass="triple1327"
truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" truststoreType="JKS" truststorePass="triple1327"
/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt"/>
<Context path="/rutas" docBase="C:\Users\IN006\cavwebapp" reloadable="true" crossContext="false">
</Context>
</Host>
</Engine>
</Service>
</Server>
使用此方法,我嘗試訪問tomcat歡迎頁面:
但是他們都沒有工作...
有小費嗎?
謝謝!
編輯
解:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/tomcat7/server.jks"
keystorePass="changeit" />
我已經能夠通過https:// localhost:8443訪問它
您提出的問題缺少重要的詳細信息,例如tomcat的日志和密鑰庫的結構。 例如,放置在密鑰庫中的密鑰本身可以受密碼保護。 您要使用的端口可能已經被占用,等等,等等。有很多事情可能出錯。
通常,我可以建議您使事情盡可能簡單。 試試以下代碼片段:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/tomcat7/server.jks"
keystorePass="changeit" />
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.