tomcat服务器中的SSL证书 [英] SSL certificates in tomcat server

问题描述

我开发了Rest服务并将其部署在tomcat 8服务器中。它与http URL工作正常。我需要为服务器安装SSL证书。

I have developed a Rest service and deployed it in tomcat 8 server. It is working fine with http URL. I have a requirement to install SSL certificate for the server.

但是此服务器上已经有一个服务正在运行，该服务具有SSL证书。

But there is already a service running on this server which has SSL certificate.

现在我的问题是
1）我是否需要为同一台服务器安装另一个SSL证书？
2）我如何发现以前安装的证书属于服务器或服务？
3）如果我安装新的SSL证书，哪些配置更改将包含在server.xml中以进行端口重定向？

Now my questions are 1) do I need to install another SSL certificate for the same server ? 2) How do i find that previously installed certificate belongs to server or service ? 3) if I install new SSL certificate what configuration changes are to be included in server.xml for port redirect ?

请帮助我技术人员。

推荐答案

1）我是否需要为同一台服务器安装另一个SSL证书？

1) do I need to install another SSL certificate for the same server ?

可能不是，具体取决于运行的SSL服务的类型。您需要建立从SSL服务到Tomcat的连接器以在路径中转发SSL请求。通常在Tomcat中使用AJP连接器完成，不需要额外的配置。查看SSL服务的文档

Probably not, depending of the kind of the SSL service running. You need to stablish a connector from the SSL service to Tomcat to forward SSL requests in a path. Usually in Tomcat is done using the AJP connector and is not needed extra configuration. Check the documentation of the SSL Service

2）如何找到以前安装的证书属于服务器或服务？

2) How do i find that previously installed certificate belongs to server or service ?

SSL证书颁发给主机名（或偶尔发给IP），因此它对整个服务器有效

An SSL certificate is issued to a host name (Or infrequently to an IP), so it will be valid for the entire server

3）如果我安装新的SSL证书，哪些配置更改将包含在server.xml中以进行端口重定向？

3) if I install new SSL certificate what configuration changes are to be included in server.xml for port redirect ?

如果以前的SSL服务在标准端口443中运行，则需要一个新端口。使用端口，ssl已激活以及带有证书链的密钥库，在 server.xml 中配置新连接器。请参阅 https://tomcat.apache.org/tomcat-8.0-doc /ssl-howto.html

If the previous SSL service is running in the standard port 443, you will need a new port. Configure a new connector in server.xml with the port, ssl activated and the keystore with the certificate chain. See https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       port="8443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="${user.home}/.keystore" keystorePass="changeit"
       clientAuth="false" sslProtocol="TLS"/>

这篇关于tomcat服务器中的SSL证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！