Getting a free SSL certificate on Alibaba Cloud, with an appendix on opening ports in Alibaba Cloud (detailed, illustrated)

Disclaimer: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/qy_0626/article/details/86549273

This article records the steps for configuring HTTPS with an Alibaba Cloud SSL certificate, and also covers how to open a port on Alibaba Cloud. It is the blogger's original article; please credit the source when reposting. Many thanks.

Using Tomcat as the example, the installation steps are, in summary:

  1. Apply for an SSL certificate on Alibaba Cloud
  2. Download the issued certificate and unzip it on the server for the corresponding domain name
  3. Configure HTTPS access in Tomcat's server.xml

Step 1: Log in to the Alibaba Cloud console - Domains - Domain name list - click to enter the domain name resolution list.

Step 2: Once inside, as shown in the figure, find the row of the domain that needs a certificate in the domain name resolution list and choose More - SSL certificate.

Step 3: Here you can see two certificates to choose from, a paid version and a free version. The free version is valid for one year. Here we choose the free certificate.

Step 4: After applying, wait for the review. The free version passes review quickly; once it has, the certificate appears in the certificate list under Issued.

Step 5: Install the certificate.

Once the certificate has been issued it is ready to use; as soon as it is configured on the server, the site can be accessed over HTTPS.

Click Download and pick the certificate for your server type. Because my server runs Tomcat, I downloaded the Tomcat version.

For the installation steps, see the document "Installing an SSL certificate on a Tomcat server". Alibaba Cloud also provides installation documentation for other servers.

The certificate downloads as a compressed file. Unpacked, it contains a .pfx file, which is the certificate file, and pfx_password.txt, which holds the certificate file's password.

Tip: Every download comes with a new password, which matches only the certificate from that download. If you update the certificate file, update the password as well.

If you did not choose to have the system create the CSR when applying for the certificate, this file is not included. In that case select Other as the server type to download the .crt file, and use the openssl command to generate the pfx certificate yourself.

Take the standard Tomcat 7 configuration as an example, and assume the certificate file name is a.pfx.

Find the server.xml file under the Tomcat installation directory; by default it is in the conf folder. Find the <Connector port="8443" tag and add the following attributes:

keystoreFile="cert/200613478180598.pfx"
keystoreType="PKCS12"
# For the certificate password here, refer to the password file in the attachment or the password set in step 1
keystorePass="证书密码"

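The 8443 Connector block in server.xml is commented out; remove the comment markers and add the three attributes above.

The complete configuration is as follows. Modify the port attribute according to your actual situation, and replace the keystorePass placeholder 证书密码 ("certificate password") with the actual certificate password: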

<Connector port="8443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/a.pfx"
    keystoreType="PKCS12"
    keystorePass="证书密码"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

Change the HTTPS port as shown in the figure below:

After that, the same domain name can be accessed over both http and https. The default port for http is 80 and the default for https is 443. If the site cannot be reached, check whether the port has been opened in Alibaba Cloud. If the port is open and access still fails, try replacing HTTP/1.1 with org.apache.coyote.http11.Http11Protocol.

The appendix at the end covers how to open a port on Alibaba Cloud.

If HTTPS does not work with the certificate configured as above, try the other certificate format described below.

The other approach is to convert the certificate into the required JKS format. Note: unzip the compressed file into the bin directory of the Java installation.

In the bin directory of the Java installation, hold down Shift and right-click on a blank area, choose "Open command window here", and enter the following command:

keytool -importkeystore -srckeystore  1754007_www.yrgkj.com.pfx -srcstoretype pkcs12 -destkeystore 1754007_www.yrgkj.com.jks -deststoretype JKS

Note: 1754007_www.yrgkj.com.pfx is the name of your pfx file, and 1754007_www.yrgkj.com.jks is the file name for the converted format.

If the file was not extracted there beforehand, download the certificate again from the Alibaba Cloud console and unzip it into the Java bin directory; otherwise the format conversion will report an error.

 

Configuration in server.xml

<Connector port="8443"
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="cert/a.jks"
    keystorePass="证书密码"
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>
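
Both Connector configurations on this page (PFX and JKS) enable TLS 1.0 and 1.1, which RFC 8996 deprecates, and list only CBC-mode suites, most of them static RSA without forward secrecy. The script below is an added example, not part of the original post or of Alibaba Cloud's documentation; it audits a server.xml for those settings, and its sample input is constructed from this page's Connector with a shortened cipher list and a placeholder password.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on this page's Connector (cipher list shortened,
# password replaced by a placeholder); not taken from a real deployment.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
    secure="true" keystoreFile="cert/a.pfx" keystoreType="PKCS12"
    keystorePass="changeit" clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
    ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"/>
</Service></Server>"""

# SSLv2/SSLv3 are long obsolete; TLS 1.0 and 1.1 are deprecated by RFC 8996.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit_connectors(server_xml):
    """Return (port, finding) tuples for every TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to audit
        port = conn.get("port", "?")
        # Protocol lists are written "A+B" (SSLProtocol) or "A,B" (sslEnabledProtocols).
        raw = conn.get("SSLProtocol") or conn.get("sslEnabledProtocols") or ""
        protocols = {p.strip() for p in raw.replace("+", ",").split(",") if p.strip()}
        for proto in sorted(protocols & LEGACY_PROTOCOLS):
            findings.append((port, f"legacy protocol enabled: {proto}"))
        for suite in (c.strip() for c in conn.get("ciphers", "").split(",")):
            if not suite:
                continue
            if suite.startswith("TLS_RSA_WITH_"):
                findings.append((port, f"no forward secrecy (static RSA): {suite}"))
            if "_CBC_" in suite:
                findings.append((port, f"CBC-mode suite, prefer GCM: {suite}"))
        if conn.get("keystorePass"):
            findings.append((port, "keystorePass stored in clear text in server.xml"))
    return findings

if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector {port}: {finding}")
```

Run it against the real file with `audit_connectors(open("conf/server.xml").read())`. Since the keystore password sits in server.xml in clear text, keep that file readable only by the account Tomcat runs as.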

Appendix I: Alibaba Cloud - how to open a port

If you need to access port 443 on Alibaba Cloud, note that port 443 is not open by default. Use the following steps to add the port in Alibaba Cloud:

 
