Tomcat SSL configuration
I received an SSL cert to use for a Tomcat 6.0 server, ready to use.
I configured Tomcat to use it with the following in server.xml:
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Tomcat 6.0\ssl\cert" keystorePass="*****"
clientAuth="false" sslProtocol="TLS"/>
I started Tomcat using the command prompt so I could see any error messages as they happened. There were none.
The results for accessing different URLs:
- http://localhost -> normal page loads fine
- https://localhost -> browser claims page cannot be found
- https://localhost:8443 -> page cannot be found
- http://localhost:8443 -> offers a certificate, after accepted redirects to https://localhost (I suspect the https:// URLs initially offer the certificate, which is automatically accepted by the browser, as it was issued by Verisign)
How to fix?
Edit: I've also tried port="443". Same result.
Comments (2)
Do you require SSL on both 8443 and 443?
If all you need is 443 (the standard HTTP port), you can simply change the port="8443" to "443" and https:// URLs should work fine.
EDIT:
OK, so if you've made the change and bounced Tomcat and it's still listening on 8443 then there must be another connector specified which is listening on 8443.
Here's my connector configuration from my server.xml
That results in traffic coming in on 8080 being (internally) redirected to the connector on port 443. Traffic from 443 doesn't have any redirect directive.
I'd do a grep of your configurations for 8443 to make sure another one hasn't sneaked in somewhere.
It looks like you referenced a cert file in the keystoreFile attribute... if that file is actually a cert file you should use something like this
... if that is correct (that the file is a cert) then you will also need a key, for example:
If you have intermediate certs that you need in the CA chain, add:
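
Added example, not part of either answer above and not Tomcat code: the second answer's diagnosis is that keystoreFile may point at a bare certificate rather than a keystore. This Python sketch classifies a file by its leading bytes so that can be checked before editing server.xml; the function names and the sample byte strings are constructed for this illustration.

```python
# Constructed sample inputs (not real key material): just enough leading
# bytes to exercise each branch of classify().
SAMPLES = {
    "jks": bytes.fromhex("feedfeed00000002"),
    "pkcs12": bytes.fromhex("3082093a020103"),
    "der_cert": bytes.fromhex("308203a53082028d"),
    "pem_cert": b"-----BEGIN CERTIFICATE-----\nMIID...\n",
    "pem_key": b"-----BEGIN PRIVATE KEY-----\nMIIE...\n",
}

def _after_der_header(data):
    """Return the bytes after the outer ASN.1 SEQUENCE tag and length."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:            # short-form length: one byte
        return data[2:]
    n = first & 0x7F            # long form: next n bytes hold the length
    return data[2 + n:]

def classify(data):
    """Guess what kind of file keystoreFile points at from its first bytes."""
    if data[:4] == b"\xfe\xed\xfe\xed":
        return "JKS keystore"
    if data[:4] == b"\xce\xce\xce\xce":
        return "JCEKS keystore"
    text = data.lstrip()
    if text.startswith(b"-----BEGIN "):
        label = text[11:text.find(b"-----", 11)].decode("ascii", "replace")
        return "PEM " + label.lower()
    body = _after_der_header(data)
    if body is None:
        return "unknown"
    if body[:3] == b"\x02\x01\x03":     # INTEGER 3 is the PFX version field
        return "PKCS#12 keystore"
    if body[:1] == b"\x30":             # nested SEQUENCE: tbsCertificate
        return "DER certificate"
    return "unknown DER structure"

def usable_as_keystore(data):
    """True only for container formats that hold both key and certificate."""
    return classify(data).endswith("keystore")

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", classify(blob), "| keystore:", usable_as_keystore(blob))
```

To check a real file, pass the first few dozen bytes read in binary mode, for example `classify(open(path, "rb").read(64))`.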