4.4.6 Tomcat HTTPS configuration
Configure the connector in server.xml:
Standard Tomcat HTTPS configuration:
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/.keystore"
keystorePass="lizongbo">
</Connector>
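Tomcat SSL configuration with mutual (two-way) authentication when APR is in use:
<!-- clientAuth="true" turns on mutual (two-way) authentication. -->
<!-- Note: SSLCipherSuite starts from ALL and permanently removes only ADH and EXPORT56; the "+" entries only reorder the list. -->
<Connector port="8443" maxHttpHeaderSize="8192" protocol="HTTP/1.1"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true"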
SSLEngine="on" bufferSize="8192"
SSLEnabled="true"
SSLProtocol="all"
SSLCipherSuite="ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
SSLCertificateFile="..\conf\ca\www.crt"
SSLCertificateKeyFile="..\conf\ca\www.key"
SSLCACertificateFile="..\conf\ca\ca.crt"
SSLCACertificatePath="..\conf\ca"
SSLVerifyDepth="15"
SSLVerifyClient="require"
/>
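A heuristic audit of the TLS attributes on an APR connector like the one above (an added example, not part of the original page or of Tomcat). It checks which weak cipher classes are not removed with "!" in SSLCipherSuite, whether SSLProtocol is "all", and whether a client certificate is required. The hardened connector, the finding names and the list of weak classes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the TLS attributes of the APR connector shown above.
PAGE_CONNECTOR = r'''<Connector port="8443" SSLEnabled="true" SSLProtocol="all"
  SSLCipherSuite="ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
  SSLVerifyClient="require" SSLVerifyDepth="15" />'''

# Constructed hardened variant (assumes the APR/OpenSSL build accepts TLSv1.2).
HARDENED_CONNECTOR = r'''<Connector port="8443" SSLEnabled="true" SSLProtocol="TLSv1.2"
  SSLCipherSuite="HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!RC4:!MD5"
  SSLVerifyClient="require" SSLVerifyDepth="2" />'''

# Weak cipher classes that should be removed permanently with "!" (assumed list).
WEAK_CLASSES = {"aNULL", "eNULL", "EXPORT", "LOW", "RC4"}
ALIASES = {"EXP": "EXPORT", "NULL": "eNULL"}  # OpenSSL synonyms


def tokens(cipher_string):
    """Split an OpenSSL cipher string on its separators (colon, comma, space)."""
    parts = cipher_string.replace(",", ":").replace(" ", ":").split(":")
    return [t for t in parts if t]


def canonical(token):
    """Strip the leading operator and map synonyms to one class name."""
    name = token.lstrip("!+-")
    return ALIASES.get(name, name)


def audit_connector(xml_text):
    """Return a list of (code, detail) findings for one <Connector> element."""
    conn = ET.fromstring(xml_text)
    toks = tokens(conn.get("SSLCipherSuite", ""))
    excluded = {canonical(t) for t in toks if t.startswith("!")}
    findings = [("weak-class-allowed", c) for c in sorted(WEAK_CLASSES - excluded)]
    # "+X" only moves matching ciphers to the end of the list; it removes nothing.
    findings += [("reorder-only", t) for t in toks
                 if t.startswith("+") and canonical(t) in WEAK_CLASSES]
    if conn.get("SSLProtocol", "").lower() == "all":
        findings.append(("all-protocols", "SSLProtocol=all"))
    verify = conn.get("SSLVerifyClient", "none")
    if verify != "require":
        findings.append(("client-cert-optional", verify))
    return findings


if __name__ == "__main__":
    for name, xml in (("page", PAGE_CONNECTOR), ("hardened", HARDENED_CONNECTOR)):
        print(name, audit_connector(xml))
```

Which ciphers a string really selects depends on the OpenSSL build; on the server itself, `openssl ciphers -v '<string>'` lists them.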
4.6.6 Squid HTTPS
Add the following to squid.conf:
https_port 3443 cert=D:/ca/www.crt key=D:/ca/www.key
4.7.6 LightTPD HTTPS
First, use the copy command to merge the key and the crt into a single file:
D:\ca>copy /b www.key+www.crt www.pem
Then configure as follows:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "D:/ca/www.pem"
ssl.ca-file = "D:/ca/ca.crt"
server.name = "www"
server.document-root = "D:/httpsdosc"
server.errorlog = "httpserror.log"
accesslog.filename = "httpsaccess.log"
}
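(The mutual-authentication settings below have not been tested to confirm that they work.)
To enable mutual authentication, the following configuration parameters are also needed: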
ssl.verify-peer = "enable"
ssl.verify-depth = 1
Reference: http://trac.lighttpd.net/trac/ticket/921