Step 1: Confirm the Java version and installation location
/usr/lib/jvm/java-7-openjdk-amd64/jre/bin
---
Create the key pair for the certificate request with keytool (the CN is the host name only, without the http:// scheme; in a PKCS12 store the key password and store password must match)
keytool -genkeypair -alias a -keystore store.pfx -storetype pkcs12 -keyalg RSA -dname "CN=www.xxxxxxx.com,OU=Unit,O=Organization,L=Taipei,S=Taipei,C=TW" -keypass password -storepass password
Back up the configuration file
cp server.xml server.xml.20180324
Open the HTTPS port in the firewall
iptables-save > iptables.save      # dump the current rules to a file
vim iptables.save                  # add an ACCEPT rule for the HTTPS port (9443 below)
iptables-restore < iptables.save   # reload the edited rules
Confirm whether the port is listening
netstat -atunlp
===
Self-signed keystore (generate the key pair)
keytool -keysize 2048 -genkey -alias tomcat -keystore tomcat.keystore -keyalg RSA -dname "CN=vfm.xxxxxxxx.com,OU=Unit,O=Organization,L=Taipei,S=Taipei,C=TW" -keypass password -storepass password
==
Generate the CSR (certificate signing request)
keytool -certreq -alias tomcat -file csr.txt -keystore tomcat.keystore -storepass password
==
Install the root certificate
keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt -storepass password
===
Delete the root certificate
keytool -delete -alias root -keystore tomcat.keystore -storepass password
==
Install the intermediate certificate (not required)
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt -storepass password
==
Delete the intermediate certificate
keytool -delete -alias intermed -keystore tomcat.keystore -storepass password
==
Install the host (server) certificate
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file vfm.xxxxxxx.com.crt -storepass password
==
Delete the host certificate (command)
keytool -delete -alias tomcat -keystore tomcat.keystore -storepass password
List / view the certificate entry
keytool -list -alias tomcat -keystore tomcat.keystore -storepass password
==
Edit the Tomcat configuration file (the settings below vary by Tomcat version)
cd /var/lib/tomcat7/conf/
cp server.xml server.xml.20180324
vim server.xml
Confirm the following settings
#keystoreFile
#keystorePass
#sslProtocol
The following connector syntax is for reference
===
<Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="tomcat.keystore" keystorePass="password" />
=======
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="9443" keystoreFile="tomcat.keystore" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
=======
<Connector SSLEnabled="true" acceptCount="2000" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="500"
port="9443" keystoreFile="tomcat.keystore" keystorePass="password"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
=======
<Connector port="9443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="tomcat.keystore" keystorePass="password"
clientAuth="false" sslProtocol="TLS"/>
=======
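As an added check for the "confirm the following settings" step (this is my own example, not part of the original note or of Tomcat), the script below parses a server.xml, finds every connector with SSLEnabled="true" and reports the things a reviewer would look at: whether keystoreFile actually exists (relative paths resolve against CATALINA_BASE), whether keystorePass is a well-known default, whether sslProtocol is still a legacy SSL value, and whether scheme/secure are set so the container treats requests as HTTPS. The sample XML is constructed from the 9443 connector above plus a deliberately weak 8443 connector; the list of weak passwords is an assumption of this example.

```python
"""Audit the SSL/TLS <Connector> elements of a Tomcat server.xml.

Added example for this note; it is not part of the original page or of
Tomcat. It reads the attributes the note says to confirm (keystoreFile,
keystorePass, sslProtocol) and reports findings per SSL-enabled connector.
"""
import os
import xml.etree.ElementTree as ET

# Constructed sample: the 9443 connector from the note plus a weaker one.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
               maxThreads="500" keystoreFile="tomcat.keystore"
               keystorePass="password" sslProtocol="TLS" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="false" clientAuth="false"
               keystoreFile="/etc/tomcat7/missing.keystore"
               keystorePass="changeit" sslProtocol="SSLv3" />
  </Service>
</Server>
"""

# Assumed list of passwords that appear in tutorials and defaults; flag as weak.
WEAK_PASSWORDS = {"password", "changeit", "tomcat", "123456", ""}


def audit_connectors(xml_text, catalina_base="."):
    """Return a list of (port, [findings]) for every SSLEnabled connector.

    An empty findings list means the connector passed every check here.
    """
    root = ET.fromstring(xml_text)
    results = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector; out of scope
        port = conn.get("port", "?")
        findings = []

        # keystoreFile: must be set; relative paths resolve against CATALINA_BASE
        ks = conn.get("keystoreFile")
        if ks is None:
            findings.append("keystoreFile not set (Tomcat falls back to ~/.keystore)")
        else:
            path = ks if os.path.isabs(ks) else os.path.join(catalina_base, ks)
            if not os.path.exists(path):
                findings.append(f"keystoreFile {path} does not exist")

        # keystorePass: Tomcat's default is 'changeit'; tutorials use 'password'
        if conn.get("keystorePass", "changeit") in WEAK_PASSWORDS:
            findings.append("keystorePass is a default/weak value")

        # sslProtocol: the note uses TLS; any SSL* value selects a legacy protocol
        proto = conn.get("sslProtocol", "TLS")
        if not proto.upper().startswith("TLS"):
            findings.append(f"sslProtocol={proto} selects a legacy protocol")

        # scheme/secure tell the servlet container the request came over HTTPS
        if conn.get("scheme") != "https" or conn.get("secure", "false").lower() != "true":
            findings.append('scheme="https" and secure="true" should both be set')

        results.append((port, findings))
    return results


def audit_file(path, catalina_base=None):
    """Audit a real server.xml; CATALINA_BASE defaults to the conf dir's parent."""
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    base = catalina_base or os.path.dirname(os.path.dirname(os.path.abspath(path)))
    return audit_connectors(text, base)


if __name__ == "__main__":
    # Run against the constructed sample; use audit_file("/var/lib/tomcat7/conf/server.xml")
    # for a live instance (assumed path, taken from the note above).
    for port, findings in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {'OK' if not findings else 'REVIEW'}")
        for item in findings:
            print("  -", item)
```

The keystore-existence check is the one that catches the most common restart failure: a relative keystoreFile that was created in the shell's working directory rather than under CATALINA_BASE.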
After editing, restart Tomcat
service tomcat7 restart
Check the Tomcat log to confirm it is running
tail -f /var/lib/tomcat7/logs/catalina.out
============
Apr 25, 2018 5:19:49 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 967 ms
Apr 25, 2018 5:19:49 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Apr 25, 2018 5:19:49 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.52 (Ubuntu)
Apr 25, 2018 5:19:49 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/var/lib/tomcat7/webapps/vfm/WEB-INF/lib/servlet-api.jar) - jar not loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: javax/servlet/Servlet.class
log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
log4j:WARN Please initialize the log4j system properly.
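To turn the "check the log" step into something repeatable, here is an added example (mine, not part of the note or of Tomcat) that parses the two-line java.util.logging records Tomcat 7 writes to catalina.out (a timestamp/source header followed by a "LEVEL: message" line), treats log4j:WARN lines as single-line records, and summarises whether the servlet engine started, which version it reports, and which records deserve attention. The sample log is constructed from the excerpt above; the idea of flagging "jar not loaded" lines as deployment problems even though they are logged at INFO is my own.

```python
"""Parse catalina.out records and summarise Tomcat startup.

Added example for this note; not part of Tomcat. Tomcat 7's default
java.util.logging format writes each record as two lines:
  <Mon dd, yyyy h:mm:ss AM/PM> <source class> <method>
  <LEVEL>: <message>
log4j prints its own single-line "log4j:WARN ..." records.
"""
import re
from datetime import datetime

# Constructed sample, based on the excerpt in the note above.
SAMPLE_LOG = """Apr 25, 2018 5:19:49 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 967 ms
Apr 25, 2018 5:19:49 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Apr 25, 2018 5:19:49 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.52 (Ubuntu)
Apr 25, 2018 5:19:49 PM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/var/lib/tomcat7/webapps/vfm/WEB-INF/lib/servlet-api.jar) - jar not loaded. See Servlet Spec 3.0, section 10.7.2. Offending class: javax/servlet/Servlet.class
log4j:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
log4j:WARN Please initialize the log4j system properly.
"""

HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<source>\S+ \S+)$"
)
MESSAGE_RE = re.compile(r"^(?P<level>[A-Z]+): (?P<msg>.*)$")
LOG4J_RE = re.compile(r"^log4j:(?P<level>[A-Z]+) (?P<msg>.*)$")


def parse_records(text):
    """Return a list of dicts (ts, source, level, msg) from catalina.out text."""
    records = []
    pending = None  # header line waiting for its "LEVEL: message" line
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            pending = {"ts": datetime.strptime(m["ts"], "%b %d, %Y %I:%M:%S %p"),
                       "source": m["source"]}
            continue
        m = MESSAGE_RE.match(line)
        if m and pending is not None:
            pending.update(level=m["level"], msg=m["msg"])
            records.append(pending)
            pending = None
            continue
        m = LOG4J_RE.match(line)
        if m:
            records.append({"ts": None, "source": "log4j", "level": m["level"], "msg": m["msg"]})
            continue
        # Anything else (stack-trace lines) continues the previous record.
        if records:
            records[-1]["msg"] += "\n" + line
    return records


def startup_summary(records):
    """Decide from parsed records whether the engine started and what to review."""
    engine = [r for r in records if r["msg"].startswith("Starting Servlet Engine")]
    # Real warnings/errors, plus the INFO-level "jar not loaded" message, which
    # means the webapp bundles a container-provided jar (servlet-api.jar here).
    problems = [r for r in records
                if r["level"] in ("WARN", "WARNING", "SEVERE") or "jar not loaded" in r["msg"]]
    return {
        "engine_started": bool(engine),
        "version": engine[0]["msg"].split(": ", 1)[1] if engine else None,
        "problems": problems,
    }


if __name__ == "__main__":
    # For a live instance read /var/lib/tomcat7/logs/catalina.out (path from the note).
    summary = startup_summary(parse_records(SAMPLE_LOG))
    print("engine started:", summary["engine_started"], "version:", summary["version"])
    for r in summary["problems"]:
        print(f"[{r['level']}] {r['source']}: {r['msg'].splitlines()[0]}")
```

Running it on the excerpt reports the engine as started (Apache Tomcat/7.0.52) with three items to review: the servlet-api.jar shipped inside the webapp and the two log4j configuration warnings.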