
Configuring SSL encrypted transport for Tomcat 6.0 on Linux

2009-03-18 16:14
[A casual write-up by 小蜗牛 (Little Snail)]



The steps below follow the official Tomcat site: http://tomcat.apache.org

Brief Tomcat 6.0 installation:
1. Download the latest JDK SE
http://java.sun.com/j2se
If your system already has a JDK you do not need to install one, but Tomcat 6.0 requires JRE 5.0 or later to run.
I downloaded the Linux binary build jdk-6u12-linux-i586.bin
# chmod +x jdk-6u12-linux-i586.bin
# ./jdk-6u12-linux-i586.bin

Answer yes at the prompts to extract it, then move the JDK to /usr/local
# mv jdk1.6.0_12 /usr/local/
# cd /usr/local
# ln -s jdk1.6.0_12 jdk

2. Download the current Tomcat release and install it to /usr/local/tomcat:
# wget http://apache.mirror.phpchina.com/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz
# tar zxf apache-tomcat-6.0.18.tar.gz -C /usr/local
# cd /usr/local
# ln -s apache-tomcat-6.0.18 tomcat

Set the JAVA_HOME environment variable: edit tomcat/bin/startup.sh and tomcat/bin/shutdown.sh and add the following two lines near the top:
JAVA_HOME="/usr/local/jdk"
export JAVA_HOME
(or add the same two lines to /etc/profile)

Start Tomcat to check that it works:
# cd /usr/local/tomcat
[root@pps tomcat]# ./bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/jdk

Open http://localhost:8080/ in a browser and see whether the "cat" appears.
If the Linux box has no X desktop installed or enabled, open http://ip:8080 from another machine on the LAN instead.

3. Configuring SSL encrypted transport

[Concept] A keystore is a password-protected file that stores keys and certificates.

(1) Generate a keystore file (containing the certificate) at /usr/local/tomcat/conf/.keystore
# cd /usr/local/jdk/bin/
# ./keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/conf/.keystore

Enter a password and supply your details. If this is not just for "playing around", fill in your own and your organization's information truthfully.

[Note] keytool asks for a password twice; at the second prompt just press Enter (this reuses the first password). If the two passwords differ you will get a java.io.IOException. Details: http://issues.apache.org/bugzilla/show_bug.cgi?id=38217

(2) Edit tomcat/conf/server.xml
Enable (uncomment) this block:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

and change it to:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="/usr/local/tomcat/conf/.keystore"
           keystorePass="snailwarrior"
           clientAuth="false" sslProtocol="TLS" />

(3) Restart Tomcat
# /usr/local/tomcat/bin/shutdown.sh
# /usr/local/tomcat/bin/startup.sh

(4) Open port 8443 in the firewall
Open in a browser: https://192.168.32.50:8443/
Heh, now the "cat" shows up over a secure connection!
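As an added check that is not part of the original post or of Tomcat itself, the following Python script parses a server.xml of the shape produced above and audits the enabled SSL connector: the still-commented stock block is ignored by the parser, the keystoreFile is checked for existence and for being readable by other users (it holds the private key, and server.xml holds its password in plain text), and the default keystorePass is flagged. The sample server.xml is constructed; resolving a relative keystoreFile against CATALINA_BASE is an assumption about Tomcat's behaviour.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed server.xml in the shape the post ends up with: the stock connector
# still commented out, and the enabled copy pointing at the generated keystore.
SAMPLE_SERVER_XML = """<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               keystoreFile="/usr/local/tomcat/conf/.keystore"
               keystorePass="snailwarrior"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

DEFAULT_KEYSTORE_PASS = "changeit"  # Tomcat's documented default for keystorePass

def audit_connector(conn, catalina_base):
    """Return findings for one SSLEnabled <Connector>; an empty list means it passed."""
    findings = []
    ks = conn.get("keystoreFile")
    if not ks:
        findings.append("keystoreFile not set; Tomcat will look for ~/.keystore")
    else:
        # Assumed: relative keystore paths are resolved against CATALINA_BASE.
        ks = ks if os.path.isabs(ks) else os.path.join(catalina_base, ks)
        if not os.path.isfile(ks):
            findings.append("keystore %s does not exist" % ks)
        elif os.stat(ks).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("keystore %s is readable by group/others" % ks)
    if conn.get("keystorePass", DEFAULT_KEYSTORE_PASS) == DEFAULT_KEYSTORE_PASS:
        findings.append("keystorePass is the default '%s'" % DEFAULT_KEYSTORE_PASS)
    return findings

def audit_server_xml(xml_text, catalina_base="/usr/local/tomcat"):
    """Map each SSLEnabled connector's port to its findings. Connectors inside
    <!-- --> never reach the parser, so the stock block must be uncommented."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c, catalina_base)
            for c in root.iter("Connector")
            if c.get("SSLEnabled", "false").lower() == "true"}
```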

[Tip] Enabling SSL costs CPU resources.

[Note] SSL with virtual hosts can be problematic; here is the text from the official site:
Finally, using name-based virtual hosts on a secured connection can be problematic. This is a design limitation of the SSL protocol itself. The SSL handshake, where the client browser accepts the server certificate, must occur before the HTTP request is accessed. As a result, the request information containing the virtual host name cannot be determined prior to authentication, and it is therefore not possible to assign multiple certificates to a single IP address. If all virtual hosts on a single IP address need to authenticate against the same certificate, the addition of multiple virtual hosts should not interfere with normal SSL operations on the server. Be aware, however, that most client browsers will compare the server's domain name against the domain name listed in the certificate, if any (applicable primarily to official, CA-signed certificates). If the domain names do not match, these browsers will display a warning to the client user. In general, only address-based virtual hosts are commonly used with SSL in a production environment.

------------------------------------------------------------------------------------------
赵小蜗牛