Tomcat SSL 配置 [英] Tomcat SSL Configuration

问题描述

我收到了用于 Tomcat 6.0 服务器的 SSL 证书，可以使用了.

I received a SSL cert to use for a Tomcat 6.0 server, ready to use.

我将 Tomcat 配置为在 server.xml 中使用以下内容:

I configured Tomcat to use it with the following in server.xml:

<Connector 
    port="8443" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    keystoreFile="C:\Tomcat 6.0\ssl\cert" keystorePass="*****"
    clientAuth="false" sslProtocol="TLS"/>

我使用命令提示符启动了 Tomcat，这样我就可以看到发生的任何错误消息.没有.

I started Tomcat using the command prompt so I could see any error message as they happened. There were none.

访问不同网址的结果:

• http://localhost -> 正常页面加载正常
• https://localhost -> 无法找到浏览器声明页面
• https://localhost:8443 -> 无法找到页面
• http://localhost:8443 -> 在接受重定向到 https://localhost(我怀疑 https://url 最初提供了浏览器自动接受的证书，因为它是由 Verisign 颁发的)

• http://localhost -> normal page loads fine
• https://localhost -> browser claims page cannot be found
• https://localhost:8443 -> page cannot be found
• http://localhost:8443 -> offers a certificate, after accepted redirects to https://localhost (I suspect the https:// urls initially offer the certificate which is automatically accepted by the browser, as it was issued by Verisign)

如何解决?

我也试过 port="443".相同的结果.

I've also tried port="443". Same result.

推荐答案

我看起来你在 keystoreFile 属性中引用了一个证书文件......如果该文件实际上是一个证书文件，你应该使用这样的东西

I looks like you referenced a cert file in the keystoreFile attribute... if that file is actually a cert file you should use something like this

SSLCertificateFile="C:\Tomcat 6.0\ssl\cert"

...如果这是正确的(文件是证书)，那么您还需要一个密钥，例如:

... if that is correct (that the file a cert) then you will also need a key, for example:

SSLCertificateKeyFile="C:\Tomcat 6.0\ssl\cert.key"

如果您有 CA 链中需要的中间证书，请添加:

If you have intermediate certs that you need in the CA chain, add:

SSLCertificateChainFile=

这篇关于Tomcat SSL 配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！