Tomcat SSL Settings

  • 1. TOMCAT SSL SETTING

     1. Environment
        1.1 Tomcat 6.0.16
        1.2 JDK 1.6.0_11
        1.3 Windows Vista Home Premium SP1

     2. Define Virtual Host
        2.1 In C:\Windows\System32\drivers\etc\, edit the hosts file and add the line:
            192.168.102.77 slantkang-hp.iks.com.tw
        2.2 In %CATALINA_HOME%\conf\, edit server.xml. In
            <Engine name="Catalina" defaultHost="localhost">
            change localhost to slantkang-hp.iks.com.tw, and in
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
            change localhost to slantkang-hp.iks.com.tw as well.
            After the change, the site is reached at http://slantkang-hp.iks.com.tw:8080

     3. Open a console in %CATALINA_HOME% and run the following steps.

     Step 1. Generate an RSA key pair and a self-signed certificate
        JDK 1.6:
          keytool -genkeypair -alias tomcat -keyalg RSA -keystore server.keystore
        JDK 1.5:
          keytool -genkey -alias tomcat -keyalg RSA -keystore server.keystore -keypass changeit -storepass changeit -keysize 1024 -validity 365
          (-keysize 1024: key size; -validity 365: certificate valid for 365 days before expiring)
  • 2. * password: changeit
     * The web browser will check the value of this field against the fully qualified hostname of your server. If the CN field value does not match the server's hostname, the web browser will warn the user that they do not match.
  • 3. Step 2. Generate a certificate signing request (CSR) from the key pair
          keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore server.keystore
  • 4. * password: changeit
     Step 3. Send the CSR to the CA.
          https://www.thawte.com/ucgi/gothawte.cgi?a=w14100158767049000
          Submit the CSR there; the certificate that comes back is tomcat.cer.
  • 5. http://www.thawte.com/roots/index.html
     Step 4. Import the root certificate into the keystore
          keytool -import -alias root -keystore server.keystore -trustcacerts -file GCA.cer
        OR
          keytool -import -alias root -keystore server.keystore -trustcacerts -file "Thawte Test CA Root.cer"
  • 6. Step 5. Import tomcat.cer into the keystore
          keytool -import -alias tomcat -keystore server.keystore -trustcacerts -file tomcat.cer
  • 7. 4. TOMCAT: %TOMCAT_HOME%\conf\server.xml
     5. Webapp web.xml
        DisabledMethods   /*   DELETE PUT TRACE OPTIONS
  • 8. OrdinaryUserAction   /index-in.jsp   GET POST   *
     Purchase   /test.jsp   *   CONFIDENTIAL
     FORM   /login1.jsp   /errorpage.jsp
     6. https://slantkang-hp.iks.com.tw:8443/CMS/test.jsp
  • 9. PS. https S , ><
     PS. http://slantkang-hp.iks.com.tw:8080/CMS/test.jsp
         https://slantkang-hp.iks.com.tw:8443/CMS/test.jsp
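
An added example, not part of the original slides: the XML tags of the web.xml in section 5 did not survive, so this Python script embeds a constructed descriptor built from the surviving values and checks that the four HTTP methods are denied on /* and that /test.jsp is forced onto HTTPS. The element layout (standard Servlet 2.5 schema), the empty auth-constraint and the names `audit` and `missing` are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the element layout is assumed (Servlet 2.5 schema);
# only the names, URL patterns and methods come from the slides.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>DisabledMethods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method><http-method>PUT</http-method>
      <http-method>TRACE</http-method><http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint/>  <!-- no role-name: nobody may use these methods -->
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Purchase</web-resource-name>
      <url-pattern>/test.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""

def audit(xml_text):
    """Return (methods denied on /*, URL patterns forced onto HTTPS)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                    # strip the XML namespace prefix
        el.tag = el.tag.rsplit("}", 1)[-1]
    denied, confidential = set(), set()
    for sc in root.iter("security-constraint"):
        auth = sc.find("auth-constraint")
        deny_all = auth is not None and auth.find("role-name") is None
        guarantee = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        for wrc in sc.iter("web-resource-collection"):
            patterns = {p.text.strip() for p in wrc.iter("url-pattern") if p.text}
            methods = {m.text.strip().upper() for m in wrc.iter("http-method") if m.text}
            if deny_all and "/*" in patterns:
                denied |= methods
            if guarantee == "CONFIDENTIAL":
                confidential |= patterns
    return denied, confidential

def missing(xml_text, must_deny=("DELETE", "PUT", "TRACE", "OPTIONS"), must_encrypt=("/test.jsp",)):
    denied, confidential = audit(xml_text)
    return sorted(set(must_deny) - denied), sorted(set(must_encrypt) - confidential)

print(missing(WEB_XML))
```

Two empty lists mean nothing is missing; a constraint that lists the methods but has no auth-constraint element shows up in the first list, because without it the methods are not denied.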