使用Pem文件在Tomcat上启用SSL [英] Enabling SSL on tomcat using pem file
问题描述
i我想在我的tomcat 8服务器上启用或配置https,这需要我配置证书路径.我已经收到.pem文件,如何使用此.pem文件在tomcat上配置https?
i Want to enable or configure https on my tomcat 8 server, This requires me to configure certificate paths. i have received .pem file, how do i use this .pem file to configure https on tomcat ?
推荐答案
尽管大多数回答都集中在问题时支持的Tomcat的7.0和8.0版本,但自8.5.2版(2016年5月)以来,直接使用PEM文件,而无需转换为PKCS12文件.
While most answer concentrate on versions 7.0 and 8.0 of Tomcat that were supported at the time of the question, since version 8.5.2 (May 2016) it is possible to use PEM files directly without conversion to a PKCS12 file.
您可以:
- 按照从叶到根的顺序将PEM编码的私钥和所有证书放入单个文件(假设
conf/cert.pem)并使用:
<Connector port="443" SSLEnabled="true" secure="true" scheme="https">
<SSLHostConfig>
<Certificate certificateFile="conf/cert.pem" />
</SSLHostConfig>
</Connector>
强烈建议不要在同一文件中存储私钥和证书.
Storing both private key and certificate in the same file is highly discouraged.
- 将私钥放入
conf/privkey.pem中,并将证书(按通常的顺序)放入conf/cert.pem中并使用:
- put the private key in
conf/privkey.pemand the certificates (in the usual order) inconf/cert.pemand use:
<Connector port="443" SSLEnabled="true" secure="true" scheme="https">
<SSLHostConfig>
<Certificate certificateFile="conf/cert.pem"
certificateKeyFile="conf/privkey.pem" />
</SSLHostConfig>
</Connector>
- 使用三个单独的文件:例如私钥使用
conf/privkey.pem,服务器证书使用conf/cert.pem,中间证书使用conf/chain.pem并使用: - use three separate files: e.g.
conf/privkey.pemfor the private key,conf/cert.pemfor the server certificate andconf/chain.pemfor the intermediary certificates and use:
<Connector port="443" SSLEnabled="true" secure="true" scheme="https">
<SSLHostConfig>
<Certificate certificateFile="conf/cert.pem"
certificateKeyFile="conf/privkey.pem"
certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
所有三种连接器类型均支持此配置: NIO , NIO2 和 APR .
This configuration is supported for all three connector types: NIO, NIO2 and APR.
这篇关于使用Pem文件在Tomcat上启用SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
