CAS Configuration (Part 1): SSL Certificate Configuration

1. Source configuration

The source configuration will be provided later.

2. System environment setup

Install and configure the JDK, version >= 1.7.

Environment variables (for reference):

JAVA_HOME=C:\Program Files (x86)\Java\jdk1.7.0_25

Path=%JAVA_HOME%\bin

CLASSPATH=.;%JAVA_HOME%\lib\tools.jar;%JAVA_HOME%\lib\dt.jar

3. Database installation

Options: MySQL, MSSQL or Oracle; any of them will do.

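4. Tomcat installation

Options: Tomcat 7 or Tomcat 8.

To avoid port conflicts, use the following reference configuration in server.xml:

  Open server.xml in the conf directory of the Tomcat installation with an editor (for example Sublime Text 3) and update your own configuration file using the code below as a reference.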

 <Connector port="7180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="7143" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="7180" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="7143" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 7143
         This connector uses the BIO implementation that requires the JSSE
         style configuration. When using the APR/native implementation, the
         OpenSSL style configuration is required as described in the APR/native
         documentation -->
    <!--
    <Connector port="7143" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- HTTPS configuration -->
    <Connector port="7143" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" 
               maxThreads="200" scheme="https" secure="true" 
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="d:/Keys/.keystore" 
               keystorePass="changeit" />
    <!-- Define an AJP 1.3 Connector on port 7109 -->
    <Connector port="7109" protocol="AJP/1.3" redirectPort="7143" />

 

 

5. Creating and installing the SSL certificate

A. Creating the Java HTTPS certificate

Saving this as a .bat file is recommended; mind the path setting.

set "PATH=C:\Program Files (x86)\Java\jdk1.7.0_25\bin;%PATH%"

keytool -genkey -alias tomcat -keyalg RSA -storepass changeit -keystore c:\keys\.keystore -validity 3600

pause

 

B. Exporting the certificate

Saving this as a .bat file is recommended; mind the path setting.

set "PATH=C:\Program Files (x86)\Java\jdk1.7.0_25\bin;%PATH%"

keytool -export -trustcacerts -alias tomcat -file c:\keys\tomcat.cer -keystore c:\keys\.keystore -storepass changeit

pause

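C. Importing the exported certificate into the JDK trust store

Saving this as a .bat file is recommended; mind the path setting.

set "PATH=C:\Program Files (x86)\Java\jdk1.7.0_25\bin;%PATH%"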

keytool -import -trustcacerts -alias tomcat -file c:\keys\tomcat.cer -keystore "C:\Program Files (x86)\Java\jre7\lib\security\cacerts" -storepass changeit

pause

D. Listing all certificates in the trust store

Saving this as a .bat file is recommended; mind the path setting.

set "PATH=C:\Program Files (x86)\Java\jdk1.7.0_25\bin;%PATH%"

keytool -list -v -keystore "C:\Program Files (x86)\Java\jre7\lib\security\cacerts"

pause

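E. Deleting a certificate from the trust store

Saving this as a .bat file is recommended; mind the path setting.

set "PATH=C:\Program Files (x86)\Java\jdk1.7.0_25\bin;%PATH%"

keytool -delete -trustcacerts -alias tomcat -keystore "C:\Program Files (x86)\Java\jre7\lib\security\cacerts" -storepass changeit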

pause

 

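F. Certificate and Tomcat configuration

Configuration file: server.xml in the conf folder of the Tomcat installation. Reference configuration:

    <!-- HTTPS configuration -->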
    <Connector port="7143" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" 
               maxThreads="200" scheme="https" secure="true" 
               clientAuth="false" sslProtocol="TLS" 
               keystoreFile="d:/Keys/.keystore" 
               keystorePass="changeit" 
    />

  

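keystoreFile is the location of the certificate keystore; keystorePass is the keystore password.

Note: when creating the certificate, make sure the JDK path is valid.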
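
The check below is an added example, not part of the original page. It loads the keystore from step A and the JDK trust store from step C and compares the SHA-256 fingerprint of the certificate stored under the alias tomcat in each, so a mismatch or a missing import shows up before a JVM using that trust store rejects the Tomcat certificate. The class name CheckTomcatTrust is an assumption; the default paths, alias and password are the ones used on this page and can be overridden on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;

// Added example (not from the original page); the class name is hypothetical.
public class CheckTomcatTrust {
    // Load a JKS keystore from disk with the given store password.
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // SHA-256 fingerprint of the certificate's DER encoding, as lowercase hex.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the paths, alias and password used on this page.
        String keystore = args.length > 0 ? args[0] : "c:/keys/.keystore";
        String cacerts = args.length > 1 ? args[1]
                : "C:/Program Files (x86)/Java/jre7/lib/security/cacerts";
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        String alias = "tomcat";

        X509Certificate server = (X509Certificate) load(keystore, pass).getCertificate(alias);
        X509Certificate trusted = (X509Certificate) load(cacerts, pass).getCertificate(alias);
        if (server == null) throw new IllegalStateException("alias not in keystore: " + alias);
        if (trusted == null) throw new IllegalStateException("alias not in cacerts: " + alias);

        server.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Subject:     " + server.getSubjectX500Principal().getName());
        System.out.println("Not after:   " + server.getNotAfter());
        System.out.println("Keystore:    " + fingerprint(server));
        System.out.println("Trust store: " + fingerprint(trusted));
        if (!fingerprint(server).equals(fingerprint(trusted))) {
            throw new IllegalStateException("cacerts holds a different certificate for " + alias);
        }
        System.out.println("OK: the JDK trust store contains the Tomcat certificate");
    }
}
```

Compile and run it with the same JDK whose cacerts file was modified in step C; a non-zero exit with an exception message means steps A to C need to be repeated.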

 
