Jakarta-Tomcat 伺服器SSL數字證書安裝指南
Jakarta-Tomcat 伺服器SSL數字證書安裝指南
Installing your Web Server Certificate
Your certificate will be sent to you by email. The email message includes the web server certificate that you purchased in the body of the email message.
Copy the certificate from the body of the email and paste it into a text editor (such as notepad) to create text files.
Note if you are installing the certificate on anything other than a Sun system you will have to convert the certificate to binary format. You can use OpenSSL (obtained from www.openssl.org) to convert the certificate to binary format.
Install the QuickSSL certificate:
1. Copy/paste your GeoTrust root certificate into a text editor and save the file as geotrustca.pem. The root certificate is not normally sent out with GeoTrust certificates.
您收到來自GeoTrust的Email的最下面就是您的證書,請複製從「-----BEGIN CERTIFICATE-----」開始 (包括-----BEGIN CERTIFICATE-----)到「-----END CERTIFICATE-----」結束(包括-----END CERTIFICATE-----) 的整段字元到記事本中,並另存為您申請證書時使用的網址.cer文件,如您申請證書時使用的網址為secure.domainname.com,則另存為secure.domainname.com.cer,再點擊此文件請查看您的證書的頒發者名稱,再根據此名稱到http://www.WoTrust.com/support/root_certificates.htm 頁面上下載相應的根證書,一般是ROOT 5,下載第1個格式文件就可以了。
2. Copy/paste your web server certificate into a text editor and save the file as domainname.pem (substitute domainname for the domain name that you purchased the certificate for.)
把您的伺服器證書重新命名為.pem後綴文件,並拷到伺服器上,如:secure.domainname.com.pem 。
2a. If necessary, convert the server certificate and root certificate to binary format (must have openssl installed) using the following command:
如果需要把根證書和伺服器證書轉換為二進位文件(必須已經安裝OpenSSL),請使用如下命令:
openssl x509 -in domainname.pem -inform PEM -outform DER -out domainname.crt
openssl x509 -in geotrustca.pem -inform PEM -outform DER -out geotrustca.crt
3. Import the "Root Certificate" using the following command(使用如下命令導入根證書):
$JAVA_HOME/bin/keytool -import -alias geotrustca -keystore /path/to/domainname.kdb -file geotrustca.crt
4. Import the "Server Certificate" using the following command(使用如下命令導入伺服器證書):
$JAVA_HOME/bin/keytool -import -alias tomcat -keystore /path/to/domainname.kdb -file domainname.crt
Note: You must use the alias name of "tomcat"
Update server.xml configuration file(修改配置文件: server.xml):
1. Open "$JAKARTA_HOME/conf/server.xml" in a text editor.
2. Find the following section:
<Connector className="org.apache.catalina.connector.http.HttpConnector"
port="8443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="10" debug="0" scheme="https" secure="true">
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS"
keystoreFile="tomcat.kdb"
keystorePass="password"/>
3. If you want Tomcat to use the default SSL port, change all instances of the port number 8443 to 443.
如果您希望Tomcat使用SSL標準埠,請修改埠8443為443。如果您在同一台物理伺服器上要安裝多個SSL證書,則不同的域名要使用不同的埠如448,SSL訪問時則必須使用https://secure.domainname2.com:448/ 。
4. Add the keystoreFile and keystorePass directives to correspond with the keystore file and password that you are using.
修改正確的keystoreFile和keystorePass的存放目錄。
5. Start or restart Tomcat using the appropriate startup script (startup.sh for unix/linux or startup.bat for windows)
重新啟動Tomcat即可,注意使用合適的啟動腳本。
http://www.wotrust.com 提供技術支持!
《解決方案》
丁頁
《解決方案》
這裡有更詳細的,配圖:http://www.wosign.com/support/SSLins/Apache_ins.htm
《解決方案》
:mrgreen:
