{"id":125,"date":"2019-11-27T02:32:41","date_gmt":"2019-11-27T02:32:41","guid":{"rendered":"http:\/\/www.betterit360.com\/?p=125"},"modified":"2019-11-27T02:32:41","modified_gmt":"2019-11-27T02:32:41","slug":"tomcat%e7%9a%84ssl%e8%af%81%e4%b9%a6%e9%85%8d%e7%bd%ae","status":"publish","type":"post","link":"http:\/\/www.betterit360.com\/?p=125","title":{"rendered":"Tomcat\u7684SSL\u8bc1\u4e66\u914d\u7f6e"},"content":{"rendered":"\n

\u4e00\u3001PFX\u683c\u5f0f<\/p>\n\n\n\n

\u4eceTomcat7\u5f00\u59cb\u652f\u6301PFX\u683c\u5f0f\u8bc1\u4e66\uff0cPFX\u683c\u5f0f\u53ea\u9002\u7528tomcat7 \u53ca\u5176\u4ee5\u4e0a\u7684\u7248\u672c<\/strong><\/p>\n\n\n\n

a.\u627e\u5230\u5b89\u88c5Tomcat\u76ee\u5f55\u4e0b\u6587\u4ef6server.xml,\u4e00\u822c\u9ed8\u8ba4\u8def\u5f84\u90fd\u662f\u5728 conf \u6587\u4ef6\u5939\u4e2d\u3002\u627e\u5230<Connection port=”8443″ \u6807\u7b7e\uff0c\u589e\u52a0\u5982\u4e0b\u5c5e\u6027\uff1a<\/p>\n\n\n\n

keystoreFile=”cert\/ 214002146520484.pfx”<\/p>\n\n\n\n

keystoreType=”PKCS12″<\/p>\n\n\n\n

keystorePass=”\u8bc1\u4e66\u5bc6\u7801”<\/p>\n\n\n\n

\u6ce8\uff1a214002146520484.pfx \u4e3a\u8bc1\u4e66\u6587\u4ef6\u540d <\/p>\n\n\n\n

\u5b8c\u6574\u7684\u914d\u7f6e\u5982\u4e0b\uff0c\u5176\u4e2dport\u5c5e\u6027\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u4fee\u6539\uff1a<\/p>\n\n\n\n

<Connector port=”443″<\/p>\n\n\n\n

protocol=”org.apache.coyote.http11.Http11NioProtocol”<\/p>\n\n\n\n

SSLEnabled=”true”<\/p>\n\n\n\n

scheme=”https”<\/p>\n\n\n\n

secure=”true”<\/p>\n\n\n\n

keystoreFile=”ssl\/214002146520484.pfx” \/\/\u8bc1\u4e66\u8def\u5f84\u5730\u5740<\/p>\n\n\n\n

keystoreType=”PKCS12″<\/p>\n\n\n\n

keystorePass=”\u8bc1\u4e66\u5bc6\u7801” \/\/\u8bc1\u4e66\u5bc6\u7801<\/p>\n\n\n\n

clientAuth=”false”<\/p>\n\n\n\n

SSLProtocol=”TLSv1+TLSv1.1+TLSv1.2″<\/p>\n\n\n\n

ciphers=”TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,<\/p>\n\n\n\n

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,<\/p>\n\n\n\n

TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256″\/><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u4e8c\u3001JKS\u683c\u5f0f<\/p>\n\n\n\n

a. \u4f7f\u7528java jdk\u5c06PFX\u683c\u5f0f\u8bc1\u4e66\u8f6c\u6362\u4e3aJKS\u683c\u5f0f\u8bc1\u4e66<\/p>\n\n\n\n

keytool -importkeystore -srckeystore domains_ssl.pfx -destkeystore domains.jks -srcstoretype PKCS12 -deststoretype JKS<\/p>\n\n\n\n

\u56de\u8f66\u540e\u8f93\u5165JKS\u8bc1\u4e66\u5bc6\u7801\u548cPFX\u8bc1\u4e66\u5bc6\u7801\uff0c\u5f3a\u70c8\u63a8\u8350\u5c06JKS\u5bc6\u7801\u4e0ePFX\u8bc1\u4e66\u5bc6\u7801\u76f8\u540c\uff0c\u5426\u5219\u53ef\u80fd\u4f1a\u5bfc\u81f4Tomcat\u542f\u52a8\u5931\u8d25\u3002\u5982\u4e0b<\/p>\n\n\n\n

Enter destination keystore password:<\/p>\n\n\n\n

Re-enter new password:<\/p>\n\n\n\n

Enter source keystore password:<\/p>\n\n\n\n

Entry for alias alias successfully imported.<\/p>\n\n\n\n

Import command completed: 1 entries successfully imported, 0 entries failed or cancelled<\/p>\n\n\n\n

\u5f53\u7136\u7f51\u4e0a\u4e5f\u6709\u5f88\u591a\u7684\u8bc1\u4e66\u683c\u5f0f\u8f6c\u6362\u5de5\u5177\uff0c\u65b9\u4fbf\u6211\u4eec\u8fdb\u884c\u8bc1\u4e66\u683c\u5f0f\u7684\u8f6c\u6362\u3002<\/p>\n\n\n\n

b.\u627e\u5230\u5b89\u88c5 Tomcat \u76ee\u5f55\u4e0b\u6587\u4ef6server.xml\uff0c\u4e00\u822c\u9ed8\u8ba4\u8def\u5f84\u90fd\u662f\u5728 conf \u6587\u4ef6\u5939\u4e2d\u3002\u627e\u5230<Connection port=”8443″ \u6807\u7b7e\uff0c\u5b8c\u6574\u7684\u914d\u7f6e\u5982\u4e0b\uff0c\u5176\u4e2dport\u5c5e\u6027\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u4fee\u6539\uff1a<\/p>\n\n\n\n

<Connector port=”443″ protocol=”HTTP\/1.1″ SSLEnabled=”true”<\/p>\n\n\n\n

maxThreads=”150″ scheme=”https” secure=”true”<\/p>\n\n\n\n

keystoreFile=”conf\/www.domain.com.jks” \/\/\u8bc1\u4e66\u8def\u5f84\u5730\u5740<\/p>\n\n\n\n

keystorePass=”\u5bc6\u7801” \/\/\u8bc1\u4e66\u5bc6\u7801<\/p>\n\n\n\n

clientAuth=”false” sslProtocol=”TLS” \/><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u6216\u8005\uff1a<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u91cd\u542f Tomcat\uff0c\u901a\u8fc7 https \u65b9\u5f0f\u8bbf\u95ee\u7ad9\u70b9\uff0c\u6d4b\u8bd5\u7ad9\u70b9\u8bc1\u4e66\u662f\u5426\u6b63\u786e\u5b89\u88c5\u914d\u7f6e\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

\u4e00\u3001PFX\u683c\u5f0f \u4eceTomcat7\u5f00\u59cb\u652f\u6301PFX\u683c\u5f0f\u8bc1\u4e66\uff0cPFX\u683c\u5f0f\u53ea\u9002\u7528tomcat7 \u53ca\u5176\u4ee5\u4e0a\u7684\u7248\u672c a.\u627e … \u7ee7\u7eed\u9605\u8bfb\u201cTomcat\u7684SSL\u8bc1\u4e66\u914d\u7f6e\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.betterit360.com\/index.php?rest_route=\/wp\/v2\/posts\/125"}],"collection":[{"href":"http:\/\/www.betterit360.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.betterit360.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.betterit360.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.betterit360.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=125"}],"version-history":[{"count":0,"href":"http:\/\/www.betterit360.com\/index.php?rest_route=\/wp\/v2\/posts\/125\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.betterit360.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.betterit360.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=125"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.betterit360.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}