本文介绍如何使用keytool生成keystore文件并配置Tomcat服务器实现HTTPS访问,包括配置server.xml文件启用SSL连接器及安装SSL证书的过程。
1. 用keytool生成server.keystore文件
keytool -genkey -alias tc-ssl -keyalg RSA -keystore c:\server.keystore -validity 3650
生成完后放入server\default\conf中
2. 配置server\default\deploy\jbossweb-tomcat55.sar\server.xml文件
<!-- SSL/TLS Connector configuration using the admin devl guide keystore -->
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="als123" sslProtocol = "TLS" />
3. 访问https://localhost:8443/jmx-console/index.jsp,可以了。
同时http://localhost:8080/jmx-console/index.jsp也可以访问,如果将http转向到https: 修改WEB应用的web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config</description>
<url-pattern>/</url-pattern>
<!-- <http-method>GET</http-method>
<http-method>POST</http-method> -->
</web-resource-collection>
<!--<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint> -->
<user-data-constraint>
<description>Protection should be CONFIDENTIAL</description>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
4.Installing an SSL Certificate
We purchased an SSL Certificate from Verisign.
The company offers excellent documentations and instructions on how to install the certificate on their website. Once you purcahse the certificate Verisign we email the you the certificate only after you go through the process of getting all the information they require to verify the web server and wesite.
Below I included a screenshot of the installation process. It is a simply as using one of the java apache tools to install the certificate in the keystore file.
扫一扫
4216
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
