Configuring Tomcat 5.5 for SSL using OpenSSL
转自:http://blogs.dfwikilabs.org/pigui/2007/12/10/configuring-tomcat-55-for-ssl-using-openssl/This post explains step by step actions to enable SSL in Tomcat
[*]Generate an RSA key for signing the certificate:
openssl genrsa -out key.pem 2048
[*]Generate a certificate using the new key:
openssl req -new -x509 -key key.pem -out cert.pem -days 365
Answer the quesstions with your name, organization name, e-mail, etc.
[*]Since the certificate is in PEM format, convert it to PKCS12 for Tomcat:
openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -name tomcat
Enter a password, don’t leave it blank.
[*]Edit $TOMCAT_HOME/conf/server.xml and modify the SSL connector:
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
keystoreFile="conf/cert.p12" keystorePass="password"/>
Remember to change password with the one typed at 3.
Note: DON’T use a self-signed certificate in a PRODUCTION SITE! Contact with a CA to sign your certificate.
页:
[1]