1. 首頁
  2. 問答
  3. 使用生成的密鑰庫文件的tomcat https配置

使用生成的密鑰庫文件的tomcat https配置

2017-03-20 81 views
0

在我開始之前,我只是按照來自DZone的步驟進行操作。使用生成的密鑰庫文件的tomcat https配置

Setting Up Tomcal SSL in 5 Minutes

我已經看到了幾個類似的教程,但我無法找到答案我的問題。

問題:

我可以訪問HTTP/8080,但不能訪問HTTPS/8443,它似乎永遠載入。
嘗試使用HTTP/8443其中得到一個錯誤(正如我所料)

我嘗試使用捲曲命令:

[email protected]:/home/borgymanotoy$ curl -Iv https://localhost:8443 
* Rebuilt URL to: https://localhost:8443/ 
* Trying 127.0.0.1... 
* Connected to localhost (127.0.0.1) port 8443 (#0) 
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt 
* found 697 certificates in /etc/ssl/certs 
* ALPN, offering http/1.1 
* Operation timed out after 300495 milliseconds with 0 out of 0 bytes received 
* Closing connection 0 
curl: (28) Operation timed out after 300495 milliseconds with 0 out of 0 bytes received

注:

我隨後在給定的位點的步驟。檢查以下內容:

1)成功生成.keystore文件。
2)用密碼正確地更新了tomcat的server.xml和生成密鑰庫文件的確切路徑,並檢查了正確的情況。
3)檢查了tomcat日誌並沒有發現任何錯誤。

任何人試圖按照鏈接中的步驟,得到了錯誤,並修復它?

來源

2017-03-20 Borgy Manotoy

+0

keystoreFile = 「/用戶/ loiane /的.keystore」 - 這條線的站點。您是否添加了確切的密鑰庫文件名? – jorrin

+0

如果你嘗試'openssl s_client -connect localhost:8443',會發生什麼? – Andreas

+0

@jorrin是我有,keystoreFile =「/ home/borgymanotoy/.keystore」 –

回答

0

感謝nandsito指向最新的tomcat指南。

順便說一句,我使用的是運行在Ubuntu Linux上的Tomcat 8.5。 本教程使用Tomcat 7,因此我有一些連接問題。

我只在我的tomcat的server.xml文件上設置SSL連接器設置。

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> 
<Connector 
     protocol="org.apache.coyote.http11.Http11NioProtocol" 
     port="8443" maxThreads="200" 
     scheme="https" secure="true" SSLEnabled="true" 
     keystoreFile="/home/borgymanotoy/.keystore" keystorePass="bilat-savore" 
     clientAuth="false" sslProtocol="TLS" />

重新啓動我的Tomcat,並試圖curl命令:

$ curl -Iv https://localhost:8443 

* Rebuilt URL to: https://localhost:8443/ 
* Trying ::1... 
* Connected to localhost (::1) port 8443 (#0) 
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt 
* found 694 certificates in /etc/ssl/certs 
* ALPN, offering http/1.1 
* SSL connection using TLS1.2/ECDHE_RSA_AES_256_GCM_SHA384 
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none 
* Closing connection 0 
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none 
More details here: https://curl.haxx.se/docs/sslcerts.html 

curl performs SSL certificate verification by default, using a "bundle" 
of Certificate Authority (CA) public keys (CA certs). If the default 
bundle file isn't adequate, you can specify an alternate file 
using the --cacert option. 
If this HTTPS server uses a certificate signed by a CA represented in 
the bundle, the certificate verification probably failed due to a 
problem with the certificate (it might be expired, or the name might 
not match the domain name in the URL). 
If you'd like to turn off curl's verification of the certificate, use 
the -k (or --insecure) option.

我現在可以訪問https://localhost:8443/

來源

2017-03-21 10:59:38

相關問題

 相關問題