Based on the Tomcat documentation, I ran the following command to generate the SSL keystore.
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
I got the following:
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Users\me\.keystore -destkeystore C:\Users\me\.keystore -deststoretype pkcs12".
So, I ran the above command.
Next, I configured server.xml as
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:\Users\me\.keystore"
           keystorePass="password"/>
For the REST API of the application deployed on TC, I can still access port 8080 over http. But for port 8443, I get "Could not get any response" for https in Postman. According to Postman's instructions,
Self-signed SSL certificates are being blocked: Fix this by turning off 'SSL certificate verification' in Settings > General
I made the change, but I still get "Could not get any response".
As I understand it, the client needs the public key stored in the keystore for decryption. How does the client get the key? Do I have to have a certificate? The web application is not public-facing, but it is used internally.
The following is the output of "netstat -a":
c:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 me-171106:0 LISTENING
TCP 0.0.0.0:445 me-171106:0 LISTENING
TCP 0.0.0.0:2179 me-171106:0 LISTENING
TCP 0.0.0.0:4000 me-171106:0 LISTENING
TCP 0.0.0.0:5040 me-171106:0 LISTENING
TCP 0.0.0.0:5357 me-171106:0 LISTENING
TCP 0.0.0.0:5473 me-171106:0 LISTENING
TCP 0.0.0.0:7680 me-171106:0 LISTENING
TCP 0.0.0.0:8009 me-171106:0 LISTENING
TCP 0.0.0.0:8080 me-171106:0 LISTENING
TCP 0.0.0.0:49664 me-171106:0 LISTENING
TCP 0.0.0.0:49665 me-171106:0 LISTENING
TCP 0.0.0.0:49666 me-171106:0 LISTENING
TCP 0.0.0.0:49667 me-171106:0 LISTENING
TCP 0.0.0.0:49668 me-171106:0 LISTENING
TCP 0.0.0.0:49669 me-171106:0 LISTENING
TCP 0.0.0.0:49670 me-171106:0 LISTENING
TCP 0.0.0.0:63938 me-171106:0 LISTENING
TCP 0.0.0.0:63939 me-171106:0 LISTENING
TCP 0.0.0.0:64466 me-171106:0 LISTENING
TCP 127.0.0.1:1023 me-171106:0 LISTENING
TCP 127.0.0.1:4000 me-171106:49984 TIME_WAIT
TCP 127.0.0.1:4000 me-171106:50004 ESTABLISHED
TCP 127.0.0.1:4000 me-171106:50019 ESTABLISHED
TCP 127.0.0.1:6942 me-171106:0 LISTENING
TCP 127.0.0.1:8005 me-171106:0 LISTENING
TCP 127.0.0.1:14617 me-171106:50041 FIN_WAIT_2
TCP 127.0.0.1:19361 me-171106:50006 ESTABLISHED
TCP 127.0.0.1:19385 me-171106:50020 ESTABLISHED
TCP 127.0.0.1:49985 me-171106:33544 TIME_WAIT
TCP 127.0.0.1:50004 me-171106:4000 ESTABLISHED
TCP 127.0.0.1:50006 me-171106:19361 ESTABLISHED
TCP 127.0.0.1:50019 me-171106:4000 ESTABLISHED
TCP 127.0.0.1:50020 me-171106:19385 ESTABLISHED
TCP 127.0.0.1:50041 me-171106:14617 CLOSE_WAIT
TCP 127.0.0.1:57130 me-171106:0 LISTENING
TCP 127.0.0.1:57130 me-171106:61593 ESTABLISHED
TCP 127.0.0.1:57738 me-171106:62522 ESTABLISHED
TCP 127.0.0.1:60959 me-171106:60960 ESTABLISHED
TCP 127.0.0.1:60960 me-171106:60959 ESTABLISHED
TCP 127.0.0.1:61582 me-171106:61583 ESTABLISHED
TCP 127.0.0.1:61583 me-171106:61582 ESTABLISHED
TCP 127.0.0.1:61593 me-171106:57130 ESTABLISHED
TCP 127.0.0.1:61594 me-171106:61595 ESTABLISHED
TCP 127.0.0.1:61595 me-171106:61594 ESTABLISHED
TCP 127.0.0.1:62522 me-171106:0 LISTENING
TCP 127.0.0.1:62522 me-171106:57738 ESTABLISHED
TCP 127.0.0.1:62743 me-171106:62744 ESTABLISHED
TCP 127.0.0.1:62744 me-171106:62743 ESTABLISHED
TCP 127.0.0.1:62745 me-171106:62746 ESTABLISHED
TCP 127.0.0.1:62746 me-171106:62745 ESTABLISHED
TCP 127.0.0.1:62752 me-171106:62753 ESTABLISHED
TCP 127.0.0.1:62753 me-171106:62752 ESTABLISHED
TCP 127.0.0.1:62754 me-171106:62755 ESTABLISHED
TCP 127.0.0.1:62755 me-171106:62754 ESTABLISHED
TCP 127.0.0.1:62756 me-171106:62757 ESTABLISHED
TCP 127.0.0.1:62757 me-171106:62756 ESTABLISHED
TCP 127.0.0.1:62758 me-171106:62759 ESTABLISHED
TCP 127.0.0.1:62759 me-171106:62758 ESTABLISHED
TCP 127.0.0.1:63342 me-171106:0 LISTENING
TCP 127.0.0.1:64418 me-171106:64419 ESTABLISHED
TCP 127.0.0.1:64419 me-171106:64418 ESTABLISHED
TCP 127.0.0.1:64593 me-171106:0 LISTENING
TCP 172.25.25.141:139 me-171106:0 LISTENING
TCP 172.25.25.141:49623 40.97.48.98:https ESTABLISHED
TCP 172.25.25.141:49797 40.97.48.98:https ESTABLISHED
TCP 172.25.25.141:49898 151.101.65.69:https TIME_WAIT
TCP 172.25.25.141:49911 stackoverflow:https ESTABLISHED
TCP 172.25.25.141:49981 40.97.48.98:https ESTABLISHED
TCP 172.25.25.141:50014 server-52-84-16-177:https ESTABLISHED
TCP 172.25.25.141:50015 ec2-52-71-1-248:https ESTABLISHED
TCP 172.25.25.141:50028 ec2-50-16-236-165:http ESTABLISHED
TCP 172.25.25.141:50029 sea15s07-in-f4:https CLOSE_WAIT
TCP 172.25.25.141:50030 gigaspeedtest:http ESTABLISHED
TCP 172.25.25.141:50031 sea15s07-in-f78:https ESTABLISHED
TCP 172.25.25.141:50032 vip1:http ESTABLISHED
TCP 172.25.25.141:50033 vip1:http ESTABLISHED
TCP 172.25.25.141:50034 vip1:http ESTABLISHED
TCP 172.25.25.141:50035 vip1:http ESTABLISHED
TCP 172.25.25.141:50036 vip1:http ESTABLISHED
TCP 172.25.25.141:50037 vip1:http ESTABLISHED
TCP 172.25.25.141:50038 sea15s07-in-f78:https ESTABLISHED
Port 8443 is not on the list. In addition, after TC starts, the following message is shown in the console
Port 8443 is not mentioned.
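Answer 0 (score: 0)
The problem is solved. The cause was the TC configuration. It somehow messed up port 8443. Now, with SSL certificate verification turned off in Postman, I can access those REST endpoints on port 8443.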
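The comparison the question makes by eye, as an added example that is not part of the original question or answer: it reads the Connector ports from server.xml and reports any that have no LISTENING socket in `netstat -a` output, which separates "the connector never bound" from a certificate trust problem on the client. The server.xml fragment and netstat lines are constructed samples modelled on those in the question, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's server.xml (not the real file).
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

# Constructed sample: a few lines in the format of the question's netstat output.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8009           me-171106:0            LISTENING
  TCP    0.0.0.0:8080           me-171106:0            LISTENING
  TCP    127.0.0.1:8005         me-171106:0            LISTENING
  TCP    127.0.0.1:50004        me-171106:4000         ESTABLISHED
  TCP    [::]:8080              me-171106:0            LISTENING
"""

# Local address is "<ip>:<port>"; only rows in state LISTENING are of interest.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)

def listening_ports(netstat_text):
    """Return the set of local TCP ports that have a LISTENING socket."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            ports.add(int(m.group(2)))
    return ports

def configured_connectors(server_xml):
    """Return {port: is_tls} for every <Connector> element in server.xml."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("SSLEnabled", "false").lower() == "true"
            for c in root.iter("Connector")}

def unbound_connectors(server_xml, netstat_text):
    """Return sorted (port, is_tls) pairs that are configured but not listening."""
    up = listening_ports(netstat_text)
    return sorted((p, tls) for p, tls in configured_connectors(server_xml).items()
                  if p not in up)

if __name__ == "__main__":
    for port, tls in unbound_connectors(SERVER_XML, NETSTAT):
        print(f"{'TLS' if tls else 'plain'} connector on port {port} is configured but not listening")
```

A TLS connector reported here points at the Tomcat side (the startup log usually says why the connector failed to initialise), so changing client-side certificate verification cannot produce a response until the port is bound.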