Tomcat配置HTTPS协议(3)

日期：2020-06-10 栏目：程序人生浏览：次

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 3A 8F 05 4C 85 6D 2F EE 1E E6 46 ED AD CC CA A6 :..L.m/...F.....
0010: 06 78 A7 CA .x..
]
]
*******************************************
*******************************************
Alias name: 1
Creation date: Apr 16, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: EMAILADDRESS=tomcat@apache.com, CN=Tomcat, OU=Tomcat, O=Apache, L=Beijing, ST=Beijing, C=CN
Issuer: EMAILADDRESS=tomcat@apache.com, CN=Tomcat, OU=Tomcat, O=Apache, L=Beijing, ST=Beijing, C=CN
Serial number: 84802670058ff7d5
Valid from: Mon Apr 16 16:31:46 CST 2018 until: Thu Apr 13 16:31:46 CST 2028
Certificate fingerprints:
MD5: 46:F0:86:8A:FB:60:2E:AA:14:E5:AF:7F:8B:05:A2:F5
SHA1: EF:3E:90:08:0D:9E:53:95:4E:4F:36:29:78:05:93:E1:DB:48:CB:A2
SHA256: 8E:B7:51:6D:04:09:24:28:20:68:4F:C3:2A:2E:47:1E:B8:F6:C2:87:D1:55:30:8C:B0:2A:EA:2A:02:8B:09:76
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1

*******************************************
*******************************************

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore mykey.keystore -destkeystore mykey.keystore -deststoretype pkcs12".

9 将mykey.keystore 秘钥库文件按照前文说明的方式部署到Tomcat中（非APR链接器）。通过浏览器可查看证书信息。
10 如果在APR链接器配置SSL，首先需要在server.xml的<Server>下添加监听器AprLifecycleListener:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"

SSLRandomSeed="builtin" userAprConnector="true" />

说明：userAprConnector 为8.5版本新属性，用于启用Apr Connector，8.5版本之前不必配置，默认自动启用

然后，添加SSL链接器配置如下（Tomcat8.5）：

certificateKeystoreFile 用于配置服务器端秘钥

certificateFile用于配置服务器端证书

转载注明出处：https://www.heiqu.com/40413ff8deb262c0e34c60e391f0bf8c.html

Tomcat配置HTTPS协议(3)

相关推荐