使用生成的密钥库文件进行tomcat https配置

时间:2017-03-20 07:47:45

标签: java tomcat ssl https keystore

在开始之前,我只是按照DZone的步骤进行操作。

Setting Up Tomcal SSL in 5 Minutes

我看过几个类似的教程,但我找不到问题的答案。

问题:

我可以访问HTTP / 8080,但无法访问HTTPS / 8443,它似乎永远在加载 尝试使用HTTP / 8443得到错误(正如我所料)

我尝试使用curl命令:

borgymanotoy@ujease:/home/borgymanotoy$ curl -Iv https://localhost:8443
* Rebuilt URL to: https://localhost:8443/
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* Operation timed out after 300495 milliseconds with 0 out of 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 300495 milliseconds with 0 out of 0 bytes received

注意:

我按照给定网站中的步骤操作。检查以下内容:

1)成功生成.keystore文件 2)使用密码生成的密钥库文件的确切路径正确更新了tomcat的server.xml,并检查了正确的情况。
3)检查了tomcat日志并没有发现任何错误。

有人试过按照链接中的步骤,得到错误并修复它吗?

1 个答案:

答案 0 :(得分:0)

感谢nandsito指向最新的tomcat指南。

顺便说一下,我正在使用在Ubuntu Linux上运行的Tomcat 8.5。 本教程使用的是Tomcat 7,因此我遇到了一些连接问题。

我只是在我的tomcat的server.xml文件中设置了SSL连接器设置。

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       port="8443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="/home/borgymanotoy/.keystore" keystorePass="bilat-savore"
       clientAuth="false" sslProtocol="TLS" />

重新启动我的tomcat,并尝试了curl命令:

$ curl -Iv https://localhost:8443

* Rebuilt URL to: https://localhost:8443/
*   Trying ::1...
* Connected to localhost (::1) port 8443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 694 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

我现在可以访问https://localhost:8443/

相关问题
最新问题