`

Configuring Tomcat 5.5 for SSL using OpenSSL

阅读更多

转自:http://blogs.dfwikilabs.org/pigui/2007/12/10/configuring-tomcat-55-for-ssl-using-openssl/

 

This post explains step by step actions to enable SSL in Tomcat

  1. Generate an RSA key for signing the certificate:
    openssl genrsa -out key.pem 2048
  2. Generate a certificate using the new key:
    openssl req -new -x509 -key key.pem -out cert.pem -days 365

    Answer the quesstions with your name, organization name, e-mail, etc.

  3. Since the certificate is in PEM format, convert it to PKCS12 for Tomcat:
    openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -name tomcat

    Enter a password, don’t leave it blank.

  4. Edit $TOMCAT_HOME/conf/server.xml and modify the SSL connector:
        <Connector port="8443"
             maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" disableUploadTimeout="true"
             acceptCount="100" debug="0" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
             keystoreFile="conf/cert.p12" keystorePass="password"/>

    Remember to change password with the one typed at 3.

Note: DON’T use a self-signed certificate in a PRODUCTION SITE! Contact with a CA to sign your certificate.

分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics