Java 在 Tomcat 中配置 Truststore
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/21833732/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Configure Truststore in Tomcat
提问by AJF
I have a Java servlet currently running on Tomcat 7 (Windows) and it connects to a SQL Server database. I now need to encrypt this connection and I have a public Key SSL certificate in a keystore. But apparently I have to configure a system property for a "Truststore"and have the truststore set to the keystore.
我有一个当前在 Tomcat 7 (Windows) 上运行的 Java servlet,它连接到 SQL Server 数据库。我现在需要加密此连接,并且我在密钥库中有一个公钥 SSL 证书。但显然我必须为“信任库”配置系统属性并将信任库设置为密钥库。
The keystore location is C:\SSLKeys\appkeystore.key and from what I have found I have to set the Truststore up with the following;
密钥库位置是 C:\SSLKeys\appkeystore.key,根据我的发现,我必须使用以下内容设置 Truststore;
Djavax.net.ssl.trustStore=C:\SSLKeys\appkeystore.key
Djavax.net.ssl.trustStorePassword=appkeystorePassword
But how do I set these please? I have tried it in the command line but that doesn't seem to work. I don't want to hard code these in the Java as I need them to be configurable.
但是我该如何设置这些?我已经在命令行中尝试过,但这似乎不起作用。我不想在 Java 中对这些进行硬编码,因为我需要它们是可配置的。
Can these be set in the Catalina.batfile in Tomcat? If so where in the file do I put the command?
这些可以Catalina.bat在Tomcat的文件中设置吗?如果是这样,我应该将命令放在文件中的哪个位置?
采纳答案by AJF
I think I may have found how, or at least one way of doing this. Someone please tell me if there is a better way of processing this. In the Tomcat\bin folder, where the catalina.bat file is I created a setenv.bat file and in there I declared the two Java option properties for;
我想我可能已经找到了这样做的方法,或者至少找到了一种方法。有人请告诉我是否有更好的处理方法。在 Tomcat\bin 文件夹中,catalina.bat 文件所在的位置我创建了一个 setenv.bat 文件,并在其中声明了两个 Java 选项属性;
set JAVA_OPTS="-Djavax.net.ssl.trustStore=C:\path\to\keystore.key" "-Djavax.net.ssl.trustStorePassword=************"
Apparently when Tomcat is started it initiates the catalina.bat file and the catalina.bat file determines if a setenv.bat file exists and if so runs this file to set the Java options.
显然,当 Tomcat 启动时,它会启动 catalina.bat 文件,catalina.bat 文件确定是否存在 setenv.bat 文件,如果存在,则运行此文件以设置 Java 选项。
Again someone please correct me if I am wrong and advise of any better way of doing this. Although apparently where Tomcat is set up as a Windows service the options above are input through the tomcatXw.exe to initiate the Tomcat console and the Java tab is selected.
如果我错了,请再次有人纠正我,并建议任何更好的方法。尽管显然 Tomcat 设置为 Windows 服务,但上面的选项是通过 tomcatXw.exe 输入以启动 Tomcat 控制台并选择 Java 选项卡。
回答by celezar
You need to change server.xml file for this. You can find it in conf directory.
您需要为此更改 server.xml 文件。您可以在 conf 目录中找到它。
First uncomment these lines:
首先取消注释这些行:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
and then change it something like this
然后像这样改变它
Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="8443" keystoreFile="C:\SSLKeys\appkeystore.key" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
回答by HeCodes
Incase anybody else is having this question, here is what I did:
1. Navigate to \tomcatDirectory\bin\
2. Edit the catalina.sh/bat depending on you machine.
3. Add these properties to the JAVA_OPTS property
如果其他人有这个问题,我就是这样做的:
1. 导航到 \tomcatDirectory\bin\
2. 根据您的机器编辑 catalina.sh/bat。
3. 将这些属性添加到 JAVA_OPTS 属性中
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$CATALINA_HOME/certificates/truststore.ks -Djavax.net.ssl.trustStorePassword=truststorePassword -server"
This will essentially tell tomcat to use the specified truststore instead of the default cacertstruststore which tomcat loads if it does not find any truststore specified in the system properties.
这基本上会告诉 tomcat 使用指定的信任库而不是默认的cacerts信任库,如果它没有找到系统属性中指定的任何信任库,tomcat 会加载该信任库。
Also, I have noticed that it is possible to define the truststore in tomcat's main configuration file server.xml. All you have to do is set these properties in the connectorproperty.
另外,我注意到可以在 tomcat 的主配置文件server.xml 中定义信任库。您所要做的就是在连接器属性中设置这些属性。
<Connector port="8443" maxThreads="500"
server="Apache"
scheme="https" secure="true" SSLEnabled="true" acceptCount="500"
keystoreFile="/apps/content/certificates/keystore.ks" keystorePass="keystorepass"
truststoreFile="/apps/content/certificates/truststore.ks" truststorePass="truststorePassword"/>
Try it out, Hope it helps!
试试看,希望有帮助!
回答by Ng Sek Long
The recommended answer only works for Tomcat deployed in Windows, I found that the below works for me in Linuxserver:
推荐的答案仅适用于部署在 Windows 中的 Tomcat,我发现以下适用于Linux服务器:
TOMDOGEDIRECTORY/bin/setenv.sh[You need to create this file yourself]
TOMDOGEDIRECTORY /斌/ setenv.sh[你需要自己创建这个文件]
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/opt/meh_tuststove.jks"
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=muchsecure"
export JAVA_OPTS
