目前共有1篇帖子。 字体大小:较小 - 100% (默认)▼  内容转换:不转换▼
 
点击 回复
188 0
CentOS7的tomcat开启https
一派掌门 二十级
1楼 发表于:2024-10-29 13:47

centos7可通过yum安装tomcat。

tomcat安装好之后,用以下两个命令生成tomcat.keystore自签名证书:

keytool -genkey -v -alias keystoreKey -keyalg RSA -validity 3650 -keystore /home/oct1158/config/tomcat/tomcat.keystore

里面除了密码外,其他字段全部都可以留空,默认值为Unknown。

keytool -importkeystore -srckeystore /home/oct1158/config/tomcat/tomcat.keystore -destkeystore /home/oct1158/config/tomcat/tomcat.keystore -deststoretype pkcs12

 

修改tomcat的配置文件/etc/tomcat/server.xml,取消注释Define a SSL HTTP/1.1 Connector on port 8443下面的Connector节点,添加keystoreFile="/home/oct1158/config/tomcat/tomcat.keystore" keystorePass="密钥"这两个属性。

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/home/oct1158/config/tomcat/tomcat.keystore" keystorePass="xxxxxx"
               clientAuth="false" sslProtocol="TLS" />

 

修改好之后重启tomcat服务器:sudo systemctl restart tomcat


测试https:

$ wget https://localhost:8443/ --no-check-certificate
--2024-10-29 05:43:12--  https://localhost:8443/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8443... connected.
WARNING: cannot verify localhost's certificate, issued by ‘/C=Unknown/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=Unknown’:
  Self-signed certificate encountered.
    WARNING: certificate common name ‘Unknown’ doesn't match requested host name ‘localhost’.
HTTP request sent, awaiting response... 404 Not Found
2024-10-29 05:43:12 ERROR 404: Not Found.

 

经测试,XP的IE8无法访问https(原因未知),但XP下的firefox52.9esr可以成功访问https,只是提示自签名证书不合法。

回复帖子

内容:
用户名: 您目前是匿名发表
验证码:
(快捷键:Ctrl+Enter)
 

本帖信息

点击数:188 回复数:0
评论数: ?
作者:巨大八爪鱼
最后回复:巨大八爪鱼
最后回复时间:2024-10-29 13:47
 
©2010-2025 Purasbar Ver2.0
除非另有声明,本站采用知识共享署名-相同方式共享 3.0 Unported许可协议进行许可。