2.1.1.6 Setting up SSL

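Note: This article describes configuring Tomcat for SSL and is unrelated to the 汇智魔方 application itself. Once the configuration is complete, users can access 汇智魔方 over the https protocol.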

Generate the keystore file

  1. Run the keytool that ships with Java from a command prompt, for example:
    C:\Program Files\Java\jdk1.8.0_31\bin>keytool -genkey -alias tomcat -keyalg RSA
    

    You can follow the steps below:
    Enter keystore password: password
    Re-enter new password: password
    What is your first and last name?
      [Unknown]:  Robert
    What is the name of your organizational unit?
      [Unknown]:  home
    What is the name of your organization?
      [Unknown]:  home
    What is the name of your City or Locality?
      [Unknown]:  SF
    What is the name of your State or Province?
      [Unknown]:  CA
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=Robert, OU=home, O=home, L=SF, ST=CA, C=US correct?
      [no]:  yes
     
    Enter key password for <tomcat>
            (RETURN if same as keystore password): password
    Re-enter new password: password
    C:\Program Files\Java\jdk1.7.0\bin>
    
  2. When finished, you will find the .keystore file in: /Users/Robert/

Configure Tomcat server.xml

  1. Make sure the Tomcat service is stopped
  2. Open \apache-tomcat\conf\server.xml, find the following code, uncomment it and modify it as needed
    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
    This connector uses the NIO implementation that requires the JSSE
    style configuration. When using the APR/native implementation, the
    OpenSSL style configuration is required as described in the APR/native
    documentation -->
    
    <Connector
    port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS" 
    
    keystoreFile="C:/Users/Robert/.keystore" 
    keystorePass="password"
    />
    

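    port: change 8443 to 443 (if you want to log in via https://yourDomain rather than https://yourDomain:8443)
    keystoreFile: the path to the .keystore file
    keystorePass: the password defined earlier
  3. Start 汇智魔方
  4. You can now log in to 汇智魔方 at https://yourDomain/wm or https://yourDomain:8443/wm, depending on the domain you configured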
Created by Sean Fung on 2014-08-29 15:17:51.0
Last updated by Sean Fung on 2015-07-20 14:04:37.0