Tomcat配置SSL证书

这篇具有很好参考价值的文章主要介绍了Tomcat配置SSL证书。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

本地配置ssl证书

为了更好的再服务器上配置ssl证书,先在本上上熟悉流程。本地不需要类似阿里云的证书,借助java的keytool帮助生成离线的证书。

keytool -genkey -alias ceshi -storetype PKCS12 -keyalg RSA -keystore D:\Java\apache-tomcat-9.0.55-windows-x64\apache-tomcat-9.0.55\conf\https.keystore

该命令会在指向的地址位置生成一个名为https.keystore的证书

tomcat ssl,Linux,tomcat,ssl,java

进入该步骤后需要注意的密钥需要记住,之后还要用的,名字与姓氏要填域名即localhost其他的随便填即可。

如下在指定的目录下生成了证书:
tomcat ssl,Linux,tomcat,ssl,java
配置证书加密访问,对于http协议来说,80是默认端口,若项目在其他端口上则需要带上端口号http://localhost:8080,对于https来说,443是默认端口号,若项目在其他端口上则也要带上端口号https://localhost:8443

接下来配置本地的https协议访问,已经生成了离线的证书,需要配置证书及监听的端口号,在server.xml文件中进行如下配置:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8"/>


     
     <!--https测试-->
      <!-- certificateKeystoreFile 用于指定证书所在的目录 ;
 		certificateKeystorePassword 用于指定证书的密码;
		type是使用的加密算法-->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" schema="https" secure="true" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate
          certificateKeystoreFile="conf/https.keystore" 
          certificateKeystorePassword="Xwh190823" type="RSA"
        />
      </SSLHostConfig>
    </Connector>


    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443" />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

文件时全部的配置,来看https的部分:


     <!--https测试-->
      <!-- certificateKeystoreFile 用于指定证书所在的目录 ;
 		certificateKeystorePassword 用于指定证书的密码;
		type是使用的加密算法-->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" schema="https" secure="true" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate
          certificateKeystoreFile="conf/https.keystore" 
          certificateKeystorePassword="123456" type="RSA"
        />
      </SSLHostConfig>
    </Connector>

监听的端口为8443,这个certificateKeystoreFile配置项填你生成证书的位置,certificateKeystorePassword这个填之前的密钥。就可以了!!!没错配置https就这么简单,只需要这就行就可以了,启动tomcat服务器即可。

keytool 错误: java.io.IOException: Invalid keystore format

在配置的过程中还遇到了一个问题keytool 错误: java.io.IOException: Invalid keystore format,出现这个问题的原因时jdk版本问题,不要使用高本版的jdk,用jdk8就可以了,在构建https.keystore是用的是jdk11导致tomcat一致报上面的错误,将jdk回退到jdk8之后就没问了。

配置完后进入bin目录开启tomcat服务器,通过http协议访问:http://localhost:8080

tomcat ssl,Linux,tomcat,ssl,java

再通过https协议访问https://localhost:8443

tomcat ssl,Linux,tomcat,ssl,java
如上图所示配置成功了,通过两个协议都可以访问。也可以进行其他的配置如修改为默认的端口号,这样就不需要每次添加端口号了,http协议是80,https协议是443。也可以配置跳转,将http协议访问的跳转到https协议上去即在web.xml配置文件中添加:

<security-constraint> 
    <web-resource-collection > 
        <web-resource-name >SSL</web-resource-name>  
        <url-pattern>/*</url-pattern> 
    </web-resource-collection> 
    <user-data-constraint> 
        <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
    </user-data-constraint> 
</security-constraint>

添加上面内容就会实现实现HTTP自动跳转为HTTPS。甚至在跳转到一个项目上直接跳到网站首页也是可以的。

服务器上SSL证书配置

前面已经配置了本地即离线的SSL证书,那么该如何配置服务器上的SSL证书呢?道理和步骤和本地几乎是一样的。唯一不同的时外网的需要提供外网的SSL证书,可以在购买云服务器的网站免费下载证书,也可以通过第三方下载。不限于,华为云,阿里云,腾讯云等。

接下来以阿里云,云服务器内核为CentOS7为例,WEB服务器为Tomcat下载并配置SSL证书,来开放HTTPS协议访问。

SSL证书下载

下载好证书后是一个压缩包类型:

tomcat ssl,Linux,tomcat,ssl,java
解压得到两个文件,一个是证书文件pfx类型,一个是密码txt类型:

tomcat ssl,Linux,tomcat,ssl,java

和之前配置本地的方式一样主要就是配置https的证书,将解压的证书上传到服务的可见文件夹,记录该文件地址,配置server.xml文件:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" URIEncoding="UTF-8"/>


     
     <!--https测试-->
      <!-- certificateKeystoreFile 用于指定证书所在的目录 ;
 		certificateKeystorePassword 用于指定证书的密码;
		type是使用的加密算法-->
    <!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxThreads="150" schema="https" secure="true" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate
          certificateKeystoreFile="cert/6340408_www.qiyuanrenli.com.pfx" 
          certificateKeystorePassword="zXOfVn8u" type="PKCS12"
        />
      </SSLHostConfig>
    </Connector> -->

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/cert/6340408_www.qiyuanrenli.com.pfx" 
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="zXOfVn8u" />
    </SSLHostConfig>
</Connector>


    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the
         AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
         This connector uses the APR/native implementation which always uses
         OpenSSL for TLS.
         Either JSSE or OpenSSL style configuration may be used. OpenSSL style
         configuration is used below.
    -->
    <!--
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true" >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
                         certificateFile="conf/localhost-rsa-cert.pem"
                         certificateChainFile="conf/localhost-rsa-chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443" />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

同样的核心配置就这几行:


<!--https  SSL证书-->

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/cert/6340408.pfx" 
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="-----" />
    </SSLHostConfig>
</Connector>

certificateKeystoreFile是上传的证书所在的位置,certificateKeystoreType是证书的类型,不是所有证书都是fpx类型,也要适当更改例如还有RSA类型。certificateKeystorePassword是证书密钥,打开下载的哪个txt文档就可以看见密钥。

配置完成后重启Tomcat服务器即可。成功的HTTP和HTTPS都可以访问。

tomcat ssl,Linux,tomcat,ssl,java

tomcat ssl,Linux,tomcat,ssl,java

如果HTTPS配置了还能访问的话分析错误的原因:

  1. 该网站为提供安全连接

如果浏览器出现该情况的大概率就是证书配置有问题,检查一下是否有配置错误的问题。

  1. 无法访问此网页

浏览器出现该提示,首先检查域名或ip是否正确,然后是端口号,http协议的tomcat默认是8080,https协议在配置时监听的端口时8443。

3.服务器未响应

浏览器出现这个提示时,可能时服务上的服务未启动、端口被占用、或者是防火墙未开放端口,需要去云服务器的安全组开放端口。

最后要注意的是端口问题,如果安装了防火墙工具的话要开启用到的端口,云服务器去安全组开放端口,安装了宝塔的也要开启端口。文章来源地址https://www.toymoban.com/news/detail-801539.html

到了这里,关于Tomcat配置SSL证书的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • 阿里云申请免费SSL证书的两种验证方式及配置服务器Tomcat升级HTTPS协议

    通用教程,其他服务商的免费 SSL 证书也差不多是这个流程。(至少腾讯云的操作步骤和本文是一致,嘻嘻!) 首先在阿里云上创建并申请 SSL 证书,之后选择 DNS 验证的方式,一种是手动配置解析地址进行验证,另一种是在服务器上放置一个验证文件进行验证。 手动 DNS 验证

    2024年02月10日
    浏览(96)
  • Tomcat 服务器安装SSL证书

    Tomcat服务器安装SSL证书 Tomcat 支持 PFX 格式和 JKS 两种格式的证书,您可根据您 Tomcat 的版本择其中一种格式的证书安装到 Tomcat 上。 一、安装PFX 格式证书 1、准备好 PFX 格式的证书; 2、在 Tomcat 安装目录下新建 cert 目录,将证书文件拷贝到 cert 目录下。 3、打开 Tomcat conf serv

    2024年02月03日
    浏览(42)
  • 34、springboot切换内嵌Web服务器(Tomcat服务器)与 生成SSL证书来把项目访路径从 HTTP 配置成 HTTPS

    知识点1:springboot切换内嵌Web服务器(Tomcat服务器) 知识点2:生成SSL证书来把项目访路径从 HTTP 配置成 HTTPS spring-boot-starter-web 默认依赖 Tomcat 内置服务器 改为 Jetty 服务器 改为 Undertow 服务器 目的:把请求路径 http://xxxxx 改成 https://xxxxx 如图:原本普通的项目,启动后是http的

    2024年02月11日
    浏览(52)
  • Tomcat配置ssl、jar包

    部署tomcat服务,项目做到用https访问,使用nginx去做,访问任意一个子网站,都是https 或者 医美项目需要 上传jdk  456      tomcat war包   [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_ho

    2024年02月09日
    浏览(43)
  • tomcat国密ssl测试

    下载 tomcat8.5 https://www.gmssl.cn/gmssl/index.jsp 下载 tomcat 国密组件及证书 本次测试所有的程序文件均已打包,可以直接 点击下载 自行完成 完成centos 的jdk配置。 部署tomcat,将 gmssl4t.jar gmssl_provider.jar 添加到 tomcat/lib 目录 将 sm2_rsa.pfx sm2.pfx 添加到 tomcat/certs 目录 按照官方描述 sm2.p

    2024年01月17日
    浏览(36)
  • aliyun服务器(Linux)安装emqx,配置ssl证书

    EMQX版本:5.0.8 操作系统及版本:Ubuntu 20.04.1 云服务器:阿里云轻量应用服务器 所用软件:WinSCP、XShell、宝塔面板、MQTTX 其他 食用本文的前提:服务器已经购买,相关基础配置已经完备,域名已经备案,域名与IP已经绑定。 文章末尾会提供所用到的软件 小破站找到的emqx安装

    2024年02月09日
    浏览(65)
  • Linux nginx实现访问,配置ssl证书实现https访问

    注意:服务器需要开通80端口 (1)alias: alias指定的路径是location的别名,不管location的值怎么写,资源的 真实路径都是 alias 指定的路径 例如:同样请求 http://xxx.com/upload/top.gif 时,在服务器查找的资源路径是: /www/wwwroot/upload/top.gif (2)root:真实的路径是root指定的值加上

    2024年02月01日
    浏览(57)
  • 基于tomcat的https(ssl)双向认证

            某个供应商服务需要部署到海外,如果海外多个地区需要部署多个服务,最好能实现统一登录,这样可以减轻用户的使用负担(不用记录一堆密码)。由于安全问题(可能会泄露用户数据),海外服务不能直连公司sso服务端,因此需要其他的方案解决安全问题。最终

    2024年02月20日
    浏览(44)
  • 【Java开发】Spring Cloud 11:Gateway 配置 ssl 证书(https、http、域名访问)

    最近研究给微服务项目配置 ssl 证书,如此才可以对接微信小程序(需要使用 https 请求)。传统单体项目来说,首先往项目中添加证书文件,然后在配置文件中配置 ssl 证书路径、密码等相关信息;那么微服务这么多项目,总不能一个个配置 ssl 证书,最后发现可以直接通过网

    2024年02月08日
    浏览(77)
  • web server apache tomcat11-12-SSL/TLS Configuration

    整理这个官方翻译的系列,原因是网上大部分的 tomcat 版本比较旧,此版本为 v11 最新的版本。 从零手写实现 tomcat minicat 别称【嗅虎】心有猛虎,轻嗅蔷薇。 web server apache tomcat11-01-官方文档入门介绍 web server apache tomcat11-02-setup 启动 web server apache tomcat11-03-deploy 如何部署 web

    2024年04月22日
    浏览(46)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包