SSL in Tomcat 8: server & client JKS + client public cer
Question
I've followed this guide to set up my Tomcat 8 instance with an SSL layer, producing client and server keystores and a self-signed public client certificate.
The issue is, I guess, that I don't really know how to configure Tomcat's Connector...
Here is my current server.xml file (unnecessary comments removed):
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
  <GlobalNamingResources>
    <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector connectionTimeout="40000" port="9090" protocol="HTTP/1.1" redirectPort="8443"/>
    <!-- I've also tried using these ones: -->
    <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" /> -->
    <!-- <Connector clientAuth="true" port="8443" minSpareThreads="5"
                   enableLookups="true" disableUploadTimeout="true"
                   acceptCount="100" maxThreads="200"
                   scheme="https" secure="true" SSLEnabled="true"
                   keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" keystoreType="JKS" keystorePass="triple1327"
                   truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" truststoreType="JKS" truststorePass="triple1327"
                   sslProtocol="TLS" /> -->
    <!-- Don't work on tomcat8:
         maxSpareThreads="75"
         SSLVerifyClient="require"
         SSLEngine="on"
         SSLVerifyDepth="2"
    -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="true" sslProtocol="TLS"
               keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" keystoreType="JKS" keystorePass="triple1327"
               truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" truststoreType="JKS" truststorePass="triple1327"
    />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine defaultHost="localhost" name="Catalina">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
      </Realm>
      <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>
        <Context path="/rutas" docBase="C:UsersIN006cavwebapp" reloadable="true" crossContext="false">
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>
Using this, I've tried to access the Tomcat welcome page at:
- localhost:8443
- https://localhost
- https://localhost:8443
But none of them worked...
Any suggestions?
Thanks!
EDIT
Solution:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/etc/tomcat7/server.jks"
           keystorePass="changeit" />
I've been able to access it via https://localhost:8443.
Accepted answer
Your question lacks important details such as Tomcat's log and the structure of your keystore. For example, the key placed in the keystore can itself be password protected. The port you want to use may already be occupied, etc. There are many things that can go wrong.
In general, I can advise you to keep things as simple as you can. Try this snippet:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/etc/tomcat7/server.jks"
           keystorePass="changeit" />
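The answer's point is that several unrelated things can stop an SSL connector from coming up (keystore not where the connector says, port already taken), and the question's own edit shows that the first config that worked was the one with clientAuth="false". The following pre-flight checker is an added example, not code from the question, the answer or the Tomcat project: it parses a server.xml with Python's standard library and reports those conditions, plus the clientAuth/truststore pairing from the question's 8443 connector (a truststore that is just the server keystore must also hold the client's certificate, or the handshake fails). The two embedded configs, their paths and the "placeholder" passwords are constructed for the example; the Tomcat defaults it mentions (~/.keystore, password changeit) are the ones documented for the 8.0 JSSE connector.

```python
"""Pre-flight checks for the SSL connectors in a Tomcat server.xml (added example)."""
import os
import socket
import tempfile
import xml.etree.ElementTree as ET


def port_is_free(port, host="127.0.0.1"):
    """True if nothing currently accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(0.5)
        return s.connect_ex((host, port)) != 0


def check_server_xml(xml_text, check_ports=False):
    """Return a list of human-readable findings for the Connectors in xml_text.

    check_ports=True additionally probes each SSL connector's port on localhost;
    it is off by default so results stay deterministic.
    """
    root = ET.fromstring(xml_text)
    findings = []
    connectors = root.findall(".//Connector")

    # Two connectors on one port: the second fails to bind at startup.
    ports = [c.get("port") for c in connectors]
    for p in sorted(set(ports)):
        if ports.count(p) > 1:
            findings.append(f"port {p}: declared by {ports.count(p)} connectors")

    ssl_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    if not ssl_ports:
        findings.append('no connector has SSLEnabled="true"; https will not be served')

    for c in connectors:
        port = c.get("port")
        if c.get("SSLEnabled", "").lower() != "true":
            # Plain HTTP connector: redirectPort should name a real SSL connector.
            rp = c.get("redirectPort")
            if rp and rp not in ssl_ports:
                findings.append(f"port {port}: redirectPort {rp} is not an SSL connector")
            continue
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f'port {port}: SSL connector should set scheme="https" secure="true"')
        ks = c.get("keystoreFile")
        if ks is None:
            findings.append(f"port {port}: no keystoreFile; Tomcat falls back to ~/.keystore")
        elif not os.path.isfile(ks):
            findings.append(f"port {port}: keystoreFile {ks!r} does not exist")
        if c.get("keystorePass") is None:
            findings.append(f"port {port}: no keystorePass; Tomcat's default 'changeit' is used")
        if c.get("clientAuth", "false").lower() == "true":
            ts = c.get("truststoreFile")
            if ts is None:
                findings.append(f'port {port}: clientAuth="true" without truststoreFile; '
                                "the client certificate must be in the JVM default trust store")
            elif ts == ks:
                findings.append(f"port {port}: truststoreFile is the server keystore; it must "
                                "also contain the client certificate or the handshake fails")
        if check_ports and not port_is_free(int(port)):
            findings.append(f"port {port}: already in use on this host")
    return findings


# Constructed configs (not the poster's files). The first mirrors the shape of the
# question's failing connector, the second the answer's minimal one.
QUESTION_STYLE = """<Server><Service name="Catalina">
  <Connector port="9090" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             clientAuth="true" sslProtocol="TLS"
             keystoreFile="{ks}" keystorePass="placeholder"
             truststoreFile="{ks}" truststorePass="placeholder"/>
</Service></Server>"""

ANSWER_STYLE = """<Server><Service name="Catalina">
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="{ks}" keystorePass="changeit"/>
</Service></Server>"""


def sample_findings():
    """Run both constructed configs; returns (question_findings, answer_findings)."""
    with tempfile.TemporaryDirectory() as d:
        present = os.path.join(d, "server.jks")
        open(present, "wb").close()  # empty stand-in for a real keystore file
        missing = os.path.join(d, "no-such.jks")  # deliberately absent
        question = check_server_xml(QUESTION_STYLE.format(ks=present))
        answer = check_server_xml(ANSWER_STYLE.format(ks=missing))
    return question, answer


if __name__ == "__main__":
    for name, found in zip(("question-style", "answer-style"), sample_findings()):
        print(name)
        for f in found:
            print("  -", f)
```

Against a real installation, run `check_server_xml(open("conf/server.xml").read(), check_ports=True)` before starting Tomcat; on the question's config it reports that the truststore on 8443 is the server keystore, which is the condition the clientAuth="false" solution sidesteps, while the answer's snippet only fails if the keystore path is wrong or 443 is already bound.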