Tomcat 8中的SSL:服务器&客户端JKS +客户端公共cer [英] SSL in Tomcat 8: server & client JKS + client public cer

查看:269
本文介绍了Tomcat 8中的SSL:服务器&客户端JKS +客户端公共cer的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我已遵循本指南,以便使用SSL层设置我的Tomcat 8实例,生成客户端和服务器密钥库以及自动签名的公共客户端证书。

I've followed this guide so as to setup my Tomcat 8 instance with SSL layer, producing a client and server keystores and a public client certificate autosigned.

问题是,我想,我真的不知道如何配置Tomcat的连接器...

The issue is, I guess, that I don't really know how to configure Tomcat's Connector...

这里你是我当前的server.xml文件(删除了不必要的注释) :

Here you are my current server.xml file (removed unnecessary comments):

    <?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>

  <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

  <GlobalNamingResources>

    <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector connectionTimeout="40000" port="9090" protocol="HTTP/1.1" redirectPort="8443"/>

    <!-- I've also tried using these ones: -->
    <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" /> -->
    <!--<Connector  clientAuth="true" port="8443" minSpareThreads="5"
                enableLookups="true" disableUploadTimeout="true"
                acceptCount="100" maxThreads="200"
                scheme="https" secure="true" SSLEnabled="true"
                keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" keystoreType="JKS" keystorePass="triple1327"
                truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys/server.jks" truststoreType="JKS" truststorePass="triple1327"
                sslProtocol="TLS" />-->

                <!-- Don't work on tomcat8:
                maxSpareThreads="75"
                SSLVerifyClient="require"
                SSLEngine="on"
                SSLVerifyDepth="2"
                -->

        <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
        clientAuth="true" sslProtocol="TLS" 
        keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" keystoreType="JKS" keystorePass="triple1327"
        truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 8.0\keys\server.jks" truststoreType="JKS" truststorePass="triple1327"
                />

        <!-- Define an AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"  />   

    <Engine defaultHost="localhost" name="Catalina">

        <Realm className="org.apache.catalina.realm.LockOutRealm">

        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
    </Realm>

    <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log" suffix=".txt"/>
        <Context path="/rutas" docBase="C:\Users\IN006\cavwebapp" reloadable="true" crossContext="false">
        </Context>
    </Host>

    </Engine>
  </Service>
</Server>

使用此功能,我尝试访问tomcat欢迎页面:

Using this, I've tried to access to the tomcat welcome page:

  • localhost:8443
  • https://localhost
  • https://localhost:8443

但他们都没有工作......

But none of them worked...

任何提示?

谢谢!

编辑

解决方案:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
       maxThreads="150" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" 
       keystoreFile="/etc/tomcat7/server.jks"
       keystorePass="changeit" />

我已经能够通过 https:// localhost:8443

推荐答案

你的问题缺乏重要的细节,如作为tomcat的日志和密钥库的结构。例如,放在密钥库中的密钥本身可以受密码保护。你想要使用的端口可能已经被占用等等。有很多东西可能出错。

You question lacks important details such as tomcat's log and the structure of your keystore. For example, key placed in the keystore can be password protected itself. The port you want to use can be already occupied, etc, etc. There are many things that can go wrong.

一般情况下,我建议你尽可能保持简单。
试试这个片段:

In common, I can advise you to keep things as simple as you can. Try this snippet:

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" 
           keystoreFile="/etc/tomcat7/server.jks"
           keystorePass="changeit" />

这篇关于Tomcat 8中的SSL:服务器&amp;客户端JKS +客户端公共cer的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆