步骤1:建立密钥库
Java KeyStore(JKS)是平安证书的存储库。keytool是用于建立和治理密钥库的敕令行实用顺序。JDK和JRE都能够运用此敕令。我们只须要确保JDK或JRE设置了PATH环境变量。
$ keytool -genkey -aliassvr1.tecadmin.net-keyalg RSA -keystore/etc/pki/keystore
输出:
Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]:Rahul KumarWhat is the name of your organizational unit? [Unknown]:WebWhat is the name of your organization? [Unknown]:TecAdmin Inc.What is the name of your City or Locality? [Unknown]:DelhiWhat is the name of your State or Province? [Unknown]:DelhiWhat is the two-letter country code for this unit? [Unknown]:INIs CN=Rahul Kumar, OU=Web, O=TecAdmin Inc., L=Delhi, ST=Delhi, C=IN correct? [no]:yesEnter key password for(RETURN if same as keystore password): Re-enter new password:
步骤2:猎取CA署名的SSL[疏忽自署名用户]
假如要运用自署名SSL证书,则无需实行此步骤。假如要从证书颁布机构购置有用的ssl,则须要先建立CSR,运用以下敕令实行此操纵。
建立CSR:
$ keytool -certreq -keyalg RSA -alias svr1.tecadmin.net -file svr1.csr -keystore /etc/pki/keystore
上面的敕令将提醒输入密钥库暗码并生成CSR文件。运用此CSR并从任一证书颁布机构购置ssl证书。
CA颁布证书后,将具有以下文件: root certificate,intermediate certificate 和Issued certificate by CA。在此例中,文件名是
A. root.crt (root certificate)
B. intermediate.crt (intermediate certificate)
C. svr1.tecadmin.net.crt ( Issued certificate by CA )
装置root certificate:
$ keytool -import -alias root -keystore/etc/pki/keystore-trustcacerts -fileroot.crt
装置intermediate certificate:
$ keytool -import -alias intermed -keystore/etc/pki/keystore-trustcacerts -fileintermediate.crt
装置Issued certificate by CA
$ keytool -import -aliassvr1.tecadmin.net-keystore/etc/pki/keystore-trustcacerts -filesvr1.tecadmin.net.crt
步骤3:设置Tomcat密钥库
如今,转到你的Tomcat装置目次并在你喜好的编辑器中编辑conf/server.xml文件,并按以下所示更新设置。假如须要,也能够将端口从8443变动为其他端口。
<Connector port="8443" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="/etc/pki/keystore" keystorePass="_password_" />
步骤4:重新启动Tomcat
运用init剧本(假如有)重新启动Tomcat效劳,在这个例子中,我们运用的是shell剧本(startup.sh和shutdown.sh)来住手和启动Tomcat。
$ ./bin/shutdown.sh $ ./bin/startup.sh
步骤5:考证装置顺序
由于我们已完成了Tomcat设置所需的一切设置。就能够在步骤2中的设置端口上接见浏览器中的Tomcat。
本篇文章到这里就已悉数完毕了,更多其他精彩内容能够关注ki4网的Java视频教程栏目!
以上就是如安在Tomcat中设置SSL证书的细致内容,更多请关注ki4网别的相干文章!