问题:
在Tomcat上设置SSL并访问https
葛智敏
根据Tomcat文档,我运行以下命令来生成SSL密钥存储。
"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
我得到以下几点:
Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore C:\Users\me\.keystore -destkeystore C:\Users\me\.keystore -deststoretype pkcs12".
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\Users\me\.keystore"
keystorePass="password"/>
Self-signed SSL certificates are being blocked: Fix this by turning off 'SSL certificate verification' in Settings > General
c:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 me-171106:0 LISTENING
TCP 0.0.0.0:445 me-171106:0 LISTENING
TCP 0.0.0.0:2179 me-171106:0 LISTENING
TCP 0.0.0.0:4000 me-171106:0 LISTENING
TCP 0.0.0.0:5040 me-171106:0 LISTENING
TCP 0.0.0.0:5357 me-171106:0 LISTENING
TCP 0.0.0.0:5473 me-171106:0 LISTENING
TCP 0.0.0.0:7680 me-171106:0 LISTENING
TCP 0.0.0.0:8009 me-171106:0 LISTENING
TCP 0.0.0.0:8080 me-171106:0 LISTENING
TCP 0.0.0.0:49664 me-171106:0 LISTENING
TCP 0.0.0.0:49665 me-171106:0 LISTENING
TCP 0.0.0.0:49666 me-171106:0 LISTENING
TCP 0.0.0.0:49667 me-171106:0 LISTENING
TCP 0.0.0.0:49668 me-171106:0 LISTENING
TCP 0.0.0.0:49669 me-171106:0 LISTENING
TCP 0.0.0.0:49670 me-171106:0 LISTENING
TCP 0.0.0.0:63938 me-171106:0 LISTENING
TCP 0.0.0.0:63939 me-171106:0 LISTENING
TCP 0.0.0.0:64466 me-171106:0 LISTENING
TCP 127.0.0.1:1023 me-171106:0 LISTENING
TCP 127.0.0.1:4000 me-171106:49984 TIME_WAIT
TCP 127.0.0.1:4000 me-171106:50004 ESTABLISHED
TCP 127.0.0.1:4000 me-171106:50019 ESTABLISHED
TCP 127.0.0.1:6942 me-171106:0 LISTENING
TCP 127.0.0.1:8005 me-171106:0 LISTENING
TCP 127.0.0.1:14617 me-171106:50041 FIN_WAIT_2
TCP 127.0.0.1:19361 me-171106:50006 ESTABLISHED
TCP 127.0.0.1:19385 me-171106:50020 ESTABLISHED
TCP 127.0.0.1:49985 me-171106:33544 TIME_WAIT
TCP 127.0.0.1:50004 me-171106:4000 ESTABLISHED
TCP 127.0.0.1:50006 me-171106:19361 ESTABLISHED
TCP 127.0.0.1:50019 me-171106:4000 ESTABLISHED
TCP 127.0.0.1:50020 me-171106:19385 ESTABLISHED
TCP 127.0.0.1:50041 me-171106:14617 CLOSE_WAIT
TCP 127.0.0.1:57130 me-171106:0 LISTENING
TCP 127.0.0.1:57130 me-171106:61593 ESTABLISHED
TCP 127.0.0.1:57738 me-171106:62522 ESTABLISHED
TCP 127.0.0.1:60959 me-171106:60960 ESTABLISHED
TCP 127.0.0.1:60960 me-171106:60959 ESTABLISHED
TCP 127.0.0.1:61582 me-171106:61583 ESTABLISHED
TCP 127.0.0.1:61583 me-171106:61582 ESTABLISHED
TCP 127.0.0.1:61593 me-171106:57130 ESTABLISHED
TCP 127.0.0.1:61594 me-171106:61595 ESTABLISHED
TCP 127.0.0.1:61595 me-171106:61594 ESTABLISHED
TCP 127.0.0.1:62522 me-171106:0 LISTENING
TCP 127.0.0.1:62522 me-171106:57738 ESTABLISHED
TCP 127.0.0.1:62743 me-171106:62744 ESTABLISHED
TCP 127.0.0.1:62744 me-171106:62743 ESTABLISHED
TCP 127.0.0.1:62745 me-171106:62746 ESTABLISHED
TCP 127.0.0.1:62746 me-171106:62745 ESTABLISHED
TCP 127.0.0.1:62752 me-171106:62753 ESTABLISHED
TCP 127.0.0.1:62753 me-171106:62752 ESTABLISHED
TCP 127.0.0.1:62754 me-171106:62755 ESTABLISHED
TCP 127.0.0.1:62755 me-171106:62754 ESTABLISHED
TCP 127.0.0.1:62756 me-171106:62757 ESTABLISHED
TCP 127.0.0.1:62757 me-171106:62756 ESTABLISHED
TCP 127.0.0.1:62758 me-171106:62759 ESTABLISHED
TCP 127.0.0.1:62759 me-171106:62758 ESTABLISHED
TCP 127.0.0.1:63342 me-171106:0 LISTENING
TCP 127.0.0.1:64418 me-171106:64419 ESTABLISHED
TCP 127.0.0.1:64419 me-171106:64418 ESTABLISHED
TCP 127.0.0.1:64593 me-171106:0 LISTENING
TCP 172.25.25.141:139 me-171106:0 LISTENING
TCP 172.25.25.141:49623 40.97.48.98:https ESTABLISHED
TCP 172.25.25.141:49797 40.97.48.98:https ESTABLISHED
TCP 172.25.25.141:49898 151.101.65.69:https TIME_WAIT
TCP 172.25.25.141:49911 stackoverflow:https ESTABLISHED
TCP 172.25.25.141:49981 40.97.48.98:https ESTABLISHED
TCP 172.25.25.141:50014 server-52-84-16-177:https ESTABLISHED
TCP 172.25.25.141:50015 ec2-52-71-1-248:https ESTABLISHED
TCP 172.25.25.141:50028 ec2-50-16-236-165:http ESTABLISHED
TCP 172.25.25.141:50029 sea15s07-in-f4:https CLOSE_WAIT
TCP 172.25.25.141:50030 gigaspeedtest:http ESTABLISHED
TCP 172.25.25.141:50031 sea15s07-in-f78:https ESTABLISHED
TCP 172.25.25.141:50032 vip1:http ESTABLISHED
TCP 172.25.25.141:50033 vip1:http ESTABLISHED
TCP 172.25.25.141:50034 vip1:http ESTABLISHED
TCP 172.25.25.141:50035 vip1:http ESTABLISHED
TCP 172.25.25.141:50036 vip1:http ESTABLISHED
TCP 172.25.25.141:50037 vip1:http ESTABLISHED
TCP 172.25.25.141:50038 sea15s07-in-f78:https ESTABLISHED
Dec 19, 2017 1:32:13 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-8080"]
Dec 19, 2017 1:32:13 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-nio-8009"]
Dec 19, 2017 1:32:13 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 18955 ms
共有1个答案
陈琪
问题解决了。原因是由于TC配置。它不知何故被搞砸了,端口8443。现在,当使用Postman关闭SSL证书验证时,我可以访问端口8443上的那些RESTendpoint。
类似资料:
-
我正在尝试在Windows上为SSL配置Tomcat 8。 我遵循了这里的说明: https://www.mulesoft.com/tcat/tomcat-ssl 因此,我创建了密钥库: 和企业社会责任: 我从提供商那里拿回了根文件和新证书,并将它们安装在密钥库中: 然后在Tomcat的服务器上。xml我已取消注释并更新: 并重新启动,但当我转到: 我只是得到一个暂停,我被难住了。stackove
-
我设置了一个密钥库,并从openssl.com.获得了SSL证书。我遵循的确切步骤如下:https://drive.google.com/file/d/0B6PUGo7cBLcDTzdkc0pzT2pTMk0/view?usp=sharing 不幸的是,即使在严格按照tomcat的说明并与客户支持人员合作后,我的https连接也超时了。 tomcat似乎已启动并运行,正在监听端口443,但我不知道
-
我正在尝试在eclipse中为java配置带有Tomcat 7的SSL。我已经配置了server.xml: 我正在做一个应用程序客户机/服务器,服务器工作正常,但当我执行客户机时,我出现以下错误: 线程"main"中的异常process_recordClientHandlerException: javjavax.net.ssl.SSLHandshakeException:sun.security
-
第2步。在server.xml中,增加以下内容: 启动时https://localhost:8443错误为加载资源失败:::ERR_FAILED。我错过的任何设置。请帮忙。
-
我正在尝试在Eclipse中设置Tomcat。我已经按照本教程了解如何安装Tomcat,我甚至能够在localhost:8080上看到默认的Tomcat页面。 我现在需要的是在Eclipse上设置Tomcat。 我做以下事情: 作为Tomcat的安装目录,我输入,如上文中链接的教程所述: 我们将把Tomcat安装到/opt/Tomcat目录。创建目录,然后将存档文件提取到其中〔…〕 但是我得到以下
-
我有一个广告发布的证书,可以绑定到TomCat SSL安装。 我创建密钥库/导入证书: 已配置SSL连接器引用密钥库 列表项 重新启动TomCat服务 当我转到证书FQDN/webapp时。html-我什么也得不到。 这是为什么? 有人在谈论如何改变现状。cer证书到jks吗?还需要安装根证书或中间证书吗? 有人知道这是如何变得简单的吗。我已经阅读了文档,但仔细遵循这些步骤确实不是很清楚。 会感激