How to configure PEM and key files for Tomcat SSL

Date: 2013.09.03 Posted by: CN4230758


Resolved question

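Google user CN4230758 submitted a question about "How to configure PEM and key files for Tomcat SSL" on 2013.09.03. Everyone is welcome to share their views. There is currently 1 answer, last updated 2024-05-08T03:52:25. We hope you can help her.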

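Detailed question description: Looking forward to your answer. You are a model worker of our time, and everyone should learn from you!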


Answer 1

Username: emlypk

Download the APR dependency: APR 1.2+ development headers (libapr1-dev package)
Download the OpenSSL dependency: OpenSSL 0.9.7+ development headers (libssl-dev package)
Prepare the dependency packages
Unpack tomcat_home/bin/tomcat-native.tar.gz
Enter the directory: tomcat-native-1.1.20-src/jni/native (for detailed installation instructions, see the BUILDING file in this directory)
Run export JAVA_HOME=/prog/java/jdk to set the JDK
Run: ./configure --with-apr=/usr/bin --with-ssl=/usr/bin
Run: make
Run: sudo make install --> installs to /usr/local/apr/lib
Run: ln -s /usr/local/apr/lib/***.so $JAVA_HOME/jre/lib/amd64/
Restart Tomcat and you will see:
Sep 3, 2010 9:56:17 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Sep 3, 2010 9:56:18 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Sep 3, 2010 9:56:18 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Failed to initialize the SSLEngine.
Sep 3, 2010 9:56:18 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8782
Sep 3, 2010 9:56:18 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8711
Sep 3, 2010 9:56:18 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 840 ms

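Configuring SSL

SSL configuration steps without APR
Create the keystore:
jdk/bin/keytool -genkey -keystore tomcat.keystore -alias tomcat -keyalg RSA

Put tomcat.keystore in the ${user.home} directory, that is, your user home directory; of course, you can also put it in another directory.
Modify Tomcat's server.xml and add a Connector:

XML code
SSL configuration in an APR environment (SSL not using APR):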
<Connector port="9145" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           URIEncoding="UTF-8"
           keystoreFile="${user.home}/tomcat.keystore" keystorePass="cms4g-proxy-PaSsWoRd"
           maxThreads="20"
/>
If you still configure SSL by following the "SSL configuration steps without APR" above, you need to do the following:
Set protocol=org.apache.coyote.http11.Http11NioProtocol in the Connector
<Connector port="9145" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           URIEncoding="UTF-8"
           keystoreFile="${user.home}/tomcat.keystore" keystorePass="cms4g-proxy-PaSsWoRd"
           maxThreads="20"
/>

However, an error is reported at startup: Failed to initialize the SSLEngine.
Sep 3, 2010 10:49:42 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Sep 3, 2010 10:49:43 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Sep 3, 2010 10:49:43 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Failed to initialize the SSLEngine.
Sep 3, 2010 10:49:43 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8782
Sep 3, 2010 10:49:43 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Sep 3, 2010 10:49:43 PM org.apache.coyote.http11.Http11NioProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-9145
Sep 3, 2010 10:49:43 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8711
Sep 3, 2010 10:49:43 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1162 ms

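Although the message "Failed to initialize the SSLEngine." is shown, SSL still works normally. To suppress this message, just modify server.xml and set the APR listener's SSLEngine to off, for example:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />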

Startup messages
Sep 3, 2010 10:51:53 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.20.
Sep 3, 2010 10:51:53 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Sep 3, 2010 10:51:54 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8782
Sep 3, 2010 10:51:54 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Sep 3, 2010 10:51:54 PM org.apache.coyote.http11.Http11NioProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-9145
Sep 3, 2010 10:51:54 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8711
Sep 3, 2010 10:51:54 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1081 ms
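
A checker for the two situations the answer above runs into: a keystore-based HTTPS Connector whose protocol is not pinned while the APR listener is loaded, and an APR listener left with SSLEngine on when no connector uses APR. This is an added example, not code from the original answer. The `audit` and `server` names, the finding strings and the sample server.xml are constructed, and treating an unpinned HTTP/1.1 connector as eligible for APR is an assumption based on the behaviour the answer describes.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

def audit(server_xml):
    """Return findings for the APR/keystore mix-ups discussed in the answer."""
    root = ET.fromstring(server_xml)
    listeners = [l for l in root.iter("Listener")
                 if l.get("className") == APR_LISTENER]
    # A missing SSLEngine attribute on this listener defaults to "on".
    engine_on = any(l.get("SSLEngine", "on").lower() != "off" for l in listeners)
    findings, apr_possible = [], False
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # only HTTPS connectors are of interest here
        port = conn.get("port", "?")
        proto = conn.get("protocol", "HTTP/1.1")
        has_keystore = conn.get("keystoreFile") is not None
        if proto == APR_PROTOCOL:
            apr_possible = True
            if has_keystore:
                findings.append(f"{port}: keystoreFile on an explicit APR connector")
        elif proto == "HTTP/1.1" and listeners:
            # Assumption: an unpinned connector may be served by APR when it is loaded.
            apr_possible = True
            if has_keystore:
                findings.append(f"{port}: keystoreFile set but protocol not pinned")
    if engine_on and not apr_possible:
        # Matches the harmless "Failed to initialize the SSLEngine" case above.
        findings.append("listener: SSLEngine on but no connector uses APR")
    return findings

def server(listener_attrs, connector_attrs):
    """Build a constructed, minimal server.xml (placeholder password)."""
    return (f'<Server><Listener className="{APR_LISTENER}" {listener_attrs}/>'
            f'<Service name="Catalina"><Connector port="9145" SSLEnabled="true" '
            f'scheme="https" secure="true" keystoreFile="${{user.home}}/tomcat.keystore" '
            f'keystorePass="PLACEHOLDER" {connector_attrs}/></Service></Server>')

NIO = 'protocol="org.apache.coyote.http11.Http11NioProtocol"'

if __name__ == "__main__":
    for label, xml in [("unpinned", server('SSLEngine="on"', "")),
                       ("nio, engine on", server('SSLEngine="on"', NIO)),
                       ("nio, engine off", server('SSLEngine="off"', NIO))]:
        print(label, "->", audit(xml) or "no findings")
```
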