Operations and maintenance architecture series (D): Installing an SSL certificate on Tomcat under CentOS 7 / Linux in practice

Previous article in the operations and maintenance architecture series (C): Installing and deploying Nginx + Tomcat load balancing with multiple instances on CentOS 7 / Linux in practice

Brief introduction

The first three articles covered installing the JDK, Tomcat and Nginx on CentOS 7 / Linux and setting up load balancing. Today we look at installing an SSL digital certificate on Tomcat.

Versions

  • jdk: jdk1.8.0_172
  • tomcat: apache-tomcat-8.5.30
  • nginx: nginx-1.13.11 (relatively speaking, not a very old version, ha ~)
  • SSL certificate: this example uses the Alibaba Cloud certificate service

Step one: Buy the SSL certificate service:

For experimental use, choose the free version. If your production environment has relatively high security requirements, a Professional, Premium, or Enhanced SSL certificate is recommended. The free version is enough for us here ~
[Figure: Buy certificate]

Step two: Apply for the SSL certificate:

Prepare the information needed for the certificate application in advance, such as the domain name, location, authentication and so on. As shown below:
[Figure: Certificate request]

Note: with a system-generated CSR, the system automatically generates the certificate private key for you, and once the application succeeds you can download the certificate and private key directly from the certificate management list.

You can also generate your own CSR (Certificate Signing Request) file and upload it; once the application succeeds, download your certificate directly from the certificate management list.

The system-generated option is recommended; it is much less trouble!

Next, save the information and wait for Alibaba Cloud to finish approving the certificate (normally it passes within one hour). The status then changes to "issued".

[Figure: Certificate issued]

Step three: Download the required certificate:

Which SSL certificate package to download depends on the application server type. Because my environment is Tomcat, I chose the Tomcat download option (choose according to your needs).
[Figure: Tomcat digital certificate]

Step four: Install the certificate:

Unzip the downloaded SSL certificate archive. It contains two files, as shown below: the pfx certificate we are going to use, and a .txt file holding the certificate password:
[Figure: Digital certificates]

Put the pfx file into the tomcat/conf/ directory (to keep things organized, we create a folder named cret under conf to hold the certificate), as shown below:
[Figure: Certificate placement]

Modify the Tomcat server.xml configuration file
This step is very important. Remember to back up server.xml first, and make it a habit to back up configuration files before modifying them!
Add the certificate configuration:

<Connector port="9444" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12" keystoreFile="conf/cret/hy.hongseliba.cn.pfx" keystorePass="1nNjsK49" />

[Figure: SSL configuration]

  1. Keep the redirectPort of the existing connector (default port 8080) consistent with the port of the certificate connector you added (the port can be changed as needed; we use 9444 here);
  2. keystoreFile is the certificate path; just give the path where the pfx was placed under tomcat;
  3. keystorePass is the certificate password; copy it directly from the password file in the archive.

Finally, save and restart Tomcat.

Step five: Test:

[Figure: SSL test]

If https access still does not work, check the following points:

  1. Check the firewall configuration: is the port open so that it can be reached from the external network?
  2. Check whether the port is already in use (see the tomcat/logs/catalina.out log file to troubleshoot).
  3. Check that keystoreFile and keystorePass are configured correctly; you can copy and paste the password, and pay special attention to the certificate path.
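
The redirectPort, keystoreFile and keystore type points above can be checked before restarting Tomcat. The following Python script is an added example, not part of the original article; the function name audit_connectors, the sample server.xml, the example.pfx path and the file-permission check are assumptions made for illustration. It does not verify keystorePass, which would need a PKCS#12 library.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not the article's file): the HTTP connector
# still redirects to 8443 while the certificate connector listens on 9444.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="9444" SSLEnabled="true" scheme="https" secure="true"
             keystoreType="PKCS12" keystoreFile="conf/cret/example.pfx"
             keystorePass="example-password" />
</Service></Server>"""


def audit_connectors(xml_text, catalina_base):
    """Return a list of findings about the TLS connector settings."""
    findings = []
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port", "?") for c in tls}
    if not tls:
        findings.append('no connector has SSLEnabled="true"')
    for c in connectors:
        redirect = c.get("redirectPort")
        if c not in tls and redirect and redirect not in tls_ports:
            findings.append(
                f"port {c.get('port')}: redirectPort {redirect} "
                f"matches no TLS connector {sorted(tls_ports)}")
    for c in tls:
        port, ks = c.get("port", "?"), c.get("keystoreFile")
        if not ks:
            findings.append(f"port {port}: keystoreFile is missing")
            continue
        # Tomcat resolves a relative keystoreFile against $CATALINA_BASE.
        path = ks if os.path.isabs(ks) else os.path.join(catalina_base, ks)
        # A pfx is PKCS#12; Tomcat 8.5 assumes JKS when keystoreType is unset.
        if ks.lower().endswith((".pfx", ".p12")) and \
                c.get("keystoreType", "JKS").upper() != "PKCS12":
            findings.append(f'port {port}: {ks} needs keystoreType="PKCS12"')
        if not os.path.isfile(path):
            findings.append(f"port {port}: keystore not found at {path}")
        elif os.stat(path).st_mode & 0o004:
            findings.append(f"port {port}: {path} is world-readable")
    return findings


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # stands in for $CATALINA_BASE
    for finding in audit_connectors(SAMPLE_SERVER_XML, base):
        print("WARN", finding)
```

On a real host, pass the contents of conf/server.xml and the Tomcat installation directory; an empty list means these checks found nothing to fix.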

If you have any questions or run into difficulties during the installation, feel free to leave a message ~

Origin blog.csdn.net/zhenghhgz/article/details/89467167