Java: Configuring Tomcat to Use SSL

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/7488848/

Time: 2020-10-30 20:11:28  Source: igfitidea

Configuring Tomcat to Use SSL

Tags: java, jakarta-ee, tomcat, ssl, https

Asked by John

My first question - isn't it possible to use https without using a Digital Certificate? My second question - I'm securing a few pages within my web application. So I added the following:

<security-constraint>
    <web-resource-collection>
        ......
    </web-resource-collection>
    <auth-constraint>
        ......
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

I tried running the app and the pages for which SSL is enabled don't load. So I went ahead with creating a certificate. Added the following in server.xml?

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" 
       scheme="https" 
       secure="true" 
       keystoreFile="C:\Program Files\apache-tomcat-7.0.11-windows-x86\apache-tomcat-7.0.11\.keystore" 
       keystorePass="johneipe"
       clientAuth="optional" 
       sslProtocol="TLS" />

Still I'm unable to access those pages nor https://localhost:8443.

Answered by

Change your protocol to protocol="org.apache.coyote.http11.Http11Protocol"

This will solve the issue.

Answered by Shawn D.

What format of keystore are you using? I believe the default in the Tomcat config is a JKS, but if you're using a PKCS#12 (.p12 or .pfx extension), you'll need to specify that.
Note the keystoreType="PKCS12".

<Connector port="1443"
           maxThreads="200"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
           keystoreFile="/opt/companyName/tomcat.keystore"
           keystoreType="PKCS12"
           keystorePass="password"
           ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
           URIEncoding="UTF-8"
       />
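
An added example (not part of the original answers, and not Tomcat's own code): a small Python check for the keystore-format mismatch Shawn D. describes. It reads each SSL-enabled Connector from server.xml text, compares the declared keystoreType (taken as JKS when omitted, as the answer states) with the format suggested by the keystore file's leading bytes, and lists RC4, 3DES and MD5 cipher suites. The function names, sample XML, paths and sample bytes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Leading bytes of each keystore format (well-known magic numbers).
JKS_MAGIC = bytes.fromhex("feedfeed")
JCEKS_MAGIC = bytes.fromhex("cececece")
WEAK_MARKERS = ("RC4", "3DES", "MD5")  # substrings of legacy cipher-suite names


def sniff_keystore_type(header: bytes) -> str:
    """Guess the keystore format from the first bytes of the file."""
    if header.startswith(JKS_MAGIC):
        return "JKS"
    if header.startswith(JCEKS_MAGIC):
        return "JCEKS"
    if header[:1] == b"\x30":  # DER SEQUENCE tag: PKCS#12 files are ASN.1 DER
        return "PKCS12"
    return "UNKNOWN"


def audit_connectors(server_xml: str, read_header) -> list:
    """Findings per SSL-enabled <Connector>; read_header(path) returns the file's first bytes."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port")
        # Assumption: JKS when keystoreType is omitted, per the answer above.
        declared = conn.get("keystoreType", "JKS").upper()
        actual = sniff_keystore_type(read_header(conn.get("keystoreFile", "")))
        if actual != declared:
            findings.append((port, "keystoreType", f"declared {declared}, file looks like {actual}"))
        for suite in filter(None, (s.strip() for s in conn.get("ciphers", "").split(","))):
            if any(marker in suite for marker in WEAK_MARKERS):
                findings.append((port, "cipher", suite))
    return findings


# Constructed sample: a .p12 keystore referenced without keystoreType.
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/opt/example/tomcat.p12" keystorePass="changeit"
             ciphers="SSL_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA"/>
</Service></Server>"""
SAMPLE_FILES = {"/opt/example/tomcat.p12": b"\x30\x82\x0a\x5b\x02\x01\x03"}

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_XML, lambda p: SAMPLE_FILES.get(p, b"")):
        print(finding)
```

Against a real installation, pass a `read_header` that opens the keystore path and returns its first four bytes.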