1. 首页
  2. 问答
  3. 使用生成的密钥库文件的tomcat https配置

使用生成的密钥库文件的tomcat https配置

2017-03-20 38 views
0

在我开始之前,我只是按照来自DZone的步骤进行操作。使用生成的密钥库文件的tomcat https配置

Setting Up Tomcal SSL in 5 Minutes

我已经看到了几个类似的教程,但我无法找到答案我的问题。

问题:

我可以访问HTTP/8080,但不能访问HTTPS/8443,它似乎永远载入。
尝试使用HTTP/8443其中得到一个错误(正如我所料)

我尝试使用卷曲命令:

[email protected]:/home/borgymanotoy$ curl -Iv https://localhost:8443 
* Rebuilt URL to: https://localhost:8443/ 
* Trying 127.0.0.1... 
* Connected to localhost (127.0.0.1) port 8443 (#0) 
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt 
* found 697 certificates in /etc/ssl/certs 
* ALPN, offering http/1.1 
* Operation timed out after 300495 milliseconds with 0 out of 0 bytes received 
* Closing connection 0 
curl: (28) Operation timed out after 300495 milliseconds with 0 out of 0 bytes received

注:

我随后在给定的位点的步骤。检查以下内容:

1)成功生成.keystore文件。
2)用密码正确地更新了tomcat的server.xml和生成密钥库文件的确切路径,并检查了正确的情况。
3)检查了tomcat日志并没有发现任何错误。

任何人试图按照链接中的步骤,得到了错误,并修复它?

来源

2017-03-20 Borgy Manotoy

+0

keystoreFile = “/用户/ loiane /的.keystore” - 这条线的站点。您是否添加了确切的密钥库文件名? – jorrin

+0

如果你尝试'openssl s_client -connect localhost:8443',会发生什么? – Andreas

+0

@jorrin是我有,keystoreFile =“/ home/borgymanotoy/.keystore” –

回答

0

感谢nandsito指向最新的tomcat指南。

顺便说一句,我使用的是运行在Ubuntu Linux上的Tomcat 8.5。 本教程使用Tomcat 7,因此我有一些连接问题。

我只在我的tomcat的server.xml文件上设置SSL连接器设置。

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> 
<Connector 
     protocol="org.apache.coyote.http11.Http11NioProtocol" 
     port="8443" maxThreads="200" 
     scheme="https" secure="true" SSLEnabled="true" 
     keystoreFile="/home/borgymanotoy/.keystore" keystorePass="bilat-savore" 
     clientAuth="false" sslProtocol="TLS" />

重新启动我的Tomcat,并试图curl命令:

$ curl -Iv https://localhost:8443 

* Rebuilt URL to: https://localhost:8443/ 
* Trying ::1... 
* Connected to localhost (::1) port 8443 (#0) 
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt 
* found 694 certificates in /etc/ssl/certs 
* ALPN, offering http/1.1 
* SSL connection using TLS1.2/ECDHE_RSA_AES_256_GCM_SHA384 
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none 
* Closing connection 0 
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none 
More details here: https://curl.haxx.se/docs/sslcerts.html 

curl performs SSL certificate verification by default, using a "bundle" 
of Certificate Authority (CA) public keys (CA certs). If the default 
bundle file isn't adequate, you can specify an alternate file 
using the --cacert option. 
If this HTTPS server uses a certificate signed by a CA represented in 
the bundle, the certificate verification probably failed due to a 
problem with the certificate (it might be expired, or the name might 
not match the domain name in the URL). 
If you'd like to turn off curl's verification of the certificate, use 
the -k (or --insecure) option.

我现在可以访问https://localhost:8443/

来源

2017-03-21 10:59:38

相关问题

 相关问题