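A few days ago a customer asked that the relevant projects running in Tomcat be accessible only over HTTPS, so I looked into it and am writing down the complete procedure here:
There are two main steps: enable HTTPS in Tomcat ---> force access over HTTPS
1. Enable HTTPS in Tomcat
A. Run the command JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore
This generates the certificate. Put the certificate in a suitable location (any location will do).
B. Open the server.xml file in the Tomcat directory and find the section related to SSL: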
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should use the OpenSSL style configuration
described in the APR documentation -->
<!--<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />-->
C. Remove the comment markers and add the attributes keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore" and keystorePass="tomcat".
After the change, the configuration is:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" keystoreFile="C:\Tomcat\GMAE3.0Tomcat\tomcat.keystore"
keystorePass="tomcat" sslProtocol="TLS" />
D. Then restart Tomcat, and the application can be accessed over HTTPS.
2. Force access over HTTPS
In tomcat\conf\web.xml, add the following section after </welcome-file-list>:
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
After completing the steps above, an http address entered in the browser is also automatically redirected to https.
Tomcat can use two different implementations of SSL:
the JSSE implementation provided as part of the Java runtime (since 1.4)
the APR implementation, which uses the OpenSSL engine by default.
The exact configuration details depend on which implementation is being used. The implementation used by Tomcat is chosen automatically unless it is overridden as described below. If the installation uses APR - i.e. you have installed the Tomcat native library - then it will use the APR SSL implementation, otherwise it will use the Java JSSE implementation.
To avoid auto configuration you can define which implementation to use by specifying a classname in the protocol attribute of the Connector.
To define a Java (JSSE) connector, regardless of whether the APR library is loaded or not, do:
<!-- Define a blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" .../>
<!-- Define a non-blocking Java SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" .../>
Alternatively, to specify an APR connector (the APR library must be available) use:
<!-- Define a APR SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" .../>
If you are using APR, you have the option of configuring an alternative engine to OpenSSL.
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="someengine" SSLRandomSeed="somedevice" />
The default value is
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin" />
So to use SSL under APR, make sure the SSLEngine attribute is set to something other than off. The default value is on, and if you specify another value, it has to be a valid engine name.
If you haven't compiled SSL support into your Tomcat Native library, then you can turn this initialization off:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
SSLRandomSeed allows you to specify a source of entropy. A production system needs a reliable source of entropy, but entropy may need a lot of time to be collected, so test systems could use non-blocking entropy sources like "/dev/urandom" that will allow quicker starts of Tomcat.
The final step is to configure the Connector in the $CATALINA_BASE/conf/server.xml file, where $CATALINA_BASE represents the base directory for the Tomcat 6 instance. An example <Connector> element for an SSL connector is included in the default server.xml file installed with Tomcat. For JSSE, it should look something like this:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
-->
The example above will throw an error if you have the APR and the Tomcat Native libraries in your path, as Tomcat will try to use the APR connector. The APR connector uses different attributes for SSL keys and certificates. An example of an APR configuration is:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--
<Connector port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           SSLCertificateFile="/usr/local/ssl/server.crt"
           SSLCertificateKeyFile="/usr/local/ssl/server.pem"
           clientAuth="optional" SSLProtocol="TLSv1"/>
-->
You will note that the example SSL connector elements are commented out by default. You can either remove the comment tags from around the example SSL connector you wish to use or add a new Connector element of your own. In either case, you will need to configure the SSL Connector for your requirements and environment. The configuration options and information on which attributes are mandatory for the JSSE based connectors (BIO and NIO) are documented in the SSL Support section of the configuration reference. The configuration options and information on which attributes are mandatory for the APR connector are documented in the HTTPS section of the.
The port attribute (default value is 8443) is the TCP/IP port number on which Tomcat will listen for secure connections. You can change this to any port number you wish (such as to the default port for https communications, which is 443). However, special setup (outside the scope of this document) is necessary to run Tomcat on port numbers lower than 1024 on many operating systems.
If you change the port number here, you should also change the value specified for the redirectPort attribute on the non-SSL connector. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification.
After completing these configuration changes, you must restart Tomcat as you normally do, and you should be in business. You should be able to access any web application supported by Tomcat via SSL. For example, try:
https://localhost:8443
and you should see the usual Tomcat splash page (unless you have modified the ROOT web application). If this does not work, the following section contains some troubleshooting tips.