今天給公司同事要求在內(nèi)部測試服務(wù)器上,讓tomcat支持ssl,本來我以為是在apache上配置,原來tomcat自己都可以配置ssl,來看教程吧.
系統(tǒng):centos 5.5
需要的軟件:jdk-6u32-linux-i586-rpm.bin
apache-tomcat-6.0.36.tar.gz
1.安裝前準(zhǔn)備
wget http://apache.etoak.com/tomcat/tomcat-6/v6.0.36/bin/apache-tomcat-6.0.36.tar.gz
wget http://download.slogra.com/java/jdk-6u32-linux-i586.bin
2.安裝jdk
大家可以去看centos安裝jdk 1.6這篇文章.
3.安裝tomcat
tar zxf apache-tomcat-6.0.36.tar.gz -c /usr/local
cd /usr/local
mv apache-tomcat-6.0.36 tomcat cd tomcat
./bin/startup.sh
然后在瀏覽器輸入:http://localhost:8080看看那只"貓"是否出來了.
4.配置SSL
cd /usr/java/jdk1.6.0_32/bin
./keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/conf/.keystore
輸入密碼�、提供你的信息即可.
5.修改tomcat配置文件
cd /usr/local/tomcat/conf/
vi server.xml
找到這一段:
Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
修改為:
Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" keystoreFile="/usr/local/tomcat6-ccms/conf/.keystore" keystorePass="monstar" sslProtocol="TLS" />
6.重啟tomcat
/usr/local/tomcat/bin/shutdown.sh
/usr/local/tomcat/bin/startup.sh
防火墻開啟8443端口,然后在瀏覽器輸入:https://ip:8443/,好了可以安全的看到那只"貓"了.
