super

tomcat ssl的配置



keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keypass changeit -storepass changeit -keystore tomcat.keystore -validity 3600
 
--这两步可以不用
keytool -export -trustcacerts -alias tomcat -file tomcat.cer -keystore  tomcat.keystore -storepass changeit
keytool -import -trustcacerts -alias tomcat -file tomcat.cer -keystore  %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
 
 
Tomcat4.1.34配置:
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"             port="8443" enableLookups="true" scheme="https" secure="true"             acceptCount="100"             useURIValidationHack="false" disableUploadTimeout="true"             clientAuth="false" sslProtocol="TLS"               keystoreFile="tomcat.keystore"               keystorePass="changeit"/> 
Tomcat5.5.9配置: 
  
<Connector port="8443" maxHttpHeaderSize="8192"  
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"  
           enableLookups="false" disableUploadTimeout="true"  
           acceptCount="100" scheme="https" secure="true"  
           clientAuth="false" sslProtocol="TLS"    
           keystoreFile="tomcat.keystore"    
           keystorePass="changeit"/>  
Tomcat5.5.20配置(此配置同样可用于Tomcat6.0):
<Connector protocol="org.apache.coyote.http11.Http11Protocol"    
                     port="8443" maxHttpHeaderSize="8192"  
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"  
           enableLookups="false" disableUploadTimeout="true"  
           acceptCount="100" scheme="https" secure="true"  
           clientAuth="false" sslProtocol="TLS"                   
           keystoreFile="tomcat.keystore"    
           keystorePass="changeit"/>  
Tomcat6.0.10配置:
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"  
           port="8443" minSpareThreads="5" maxSpareThreads="75"  
           enableLookups="true" disableUploadTimeout="true"    
           acceptCount="100"  maxThreads="200"  
           scheme="https" secure="true" SSLEnabled="true"  
           clientAuth="false" sslProtocol="TLS"  
           keystoreFile="D:/tools/apache-tomcat-6.0.10/tomcat.keystore"    
           keystorePass="changeit"/>  
   

其他有用keytool命令(列出信任证书库中所有已有证书,删除库中某个证书):
keytool -list -v -keystore D:/sdks/jdk1.5.0_11/jre/lib/security/cacerts
keytool -delete -trustcacerts -alias tomcat  -keystore  D:/sdks/jdk1.5.0_11/jre/lib/security/cacerts -storepass changeit

posted on 2009-04-02 15:14 王卫华 阅读(464) 评论(0)  编辑  收藏


只有注册用户登录后才能发表评论。


网站导航:
博客园   IT新闻   Chat2DB   C++博客   博问