Configuring SSL on Tomcat 7: importing a COMODO certificate already used by Apache

Time: 2017-01-10 16:10:14

Tags: apache tomcat ssl tomcat7 ssl-certificate

I generated the CSR and the key file with openssl, bought an SSL certificate from COMODO, and installed it on the Apache server on port 443, where it works! On the same server I have Apache Tomcat 7 running on port 8080. I want to install the same certificate on Tomcat 7 on port 8443. COMODO gave me two files: the certificate (.crt) and an intermediate .ca-bundle file. Using these files I generated a keystore, importing them with the following commands:

keytool -import -alias root -keystore <your_keystore_filename> \
    -trustcacerts -file <filename_of_the_chain_certificate - .ca-bundle>

keytool -import -alias tomcat -keystore <your_keystore_filename> \
    -file <your_certificate_filename .crt>

Then I configured the server.xml file:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
    SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
    maxHttpHeaderSize="8192" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" clientAuth="false"
    sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
    keystoreFile="/etc/apache2/ssl/keystore" keystorePass="password"
    sslProtocols="TLSv1, TLSv1.1, TLSv1.2"
    ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
        TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
        TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
        TLS_ECDH_RSA_WITH_RC4_128_SHA,
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS_RSA_WITH_AES_256_GCM_SHA384,
        TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
        TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
        TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        TLS_RSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
        TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
        TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
        TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV"/>

But it does not work; in Chrome I get this message:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH 

There is nothing in the Tomcat log file. What is wrong? Thanks!!!

1 answer:

Answer 0 (score: 0)

This is the answer: importing an existing x509 certificate and private key in Java keystore to use in ssl

But in addition, COMODO's .ca-bundle contains two certificates, the root and the intermediate. You need to open the file, extract the certificates and create two more files, root.crt and intermediate.crt. With those you can import them and create the new key as shown in the post above.
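As an added example (not code from the question or the answer), here is a POSIX shell script for the two steps the answer describes: splitting the .ca-bundle into separate PEM files, and building a keystore that actually contains the private key by going through PKCS12, which is what the plain keytool -import of a .crt never does. The file names domain.key, domain.crt and domain.ca-bundle and the KEYSTORE_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the question or the answer. Assumed inputs: domain.key
# (the key generated with openssl for the CSR), domain.crt (the COMODO leaf cert),
# domain.ca-bundle (intermediate + root). KEYSTORE_PASS is a placeholder.

# Split a PEM bundle into cert-1.pem, cert-2.pem, ... under $2 and print how
# many certificates were found (0 means the bundle is empty or not PEM).
# In the bundle the answer describes, the intermediate comes first, the root last.
split_bundle() {
    bundle="$1"; outdir="$2"
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem" }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
        END                           { print n + 0 }
    ' "$bundle"
}

# keytool -import of a .crt only stores a trustedCertEntry; the private key never
# enters the keystore, so the connector has nothing to complete the handshake with.
# Bundle key + leaf + chain into PKCS12 first, then convert to JKS for keystoreFile
# (Tomcat can also read the .p12 directly with keystoreType="PKCS12").
build_keystore() {
    key="$1"; cert="$2"; bundle="$3"; out="$4"; pass="$5"
    openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$bundle" \
        -name tomcat -out "$out.p12" -passout "pass:$pass" || return 1
    keytool -importkeystore -srckeystore "$out.p12" -srcstoretype PKCS12 \
        -srcstorepass "$pass" -srcalias tomcat -destkeystore "$out" \
        -deststorepass "$pass" -destkeypass "$pass" -destalias tomcat
}

# The alias must be a PrivateKeyEntry (not a trustedCertEntry); keytool -list -v
# also prints the chain length, which should cover leaf plus intermediate.
verify_keystore() {
    keytool -list -v -keystore "$1" -storepass "$2" -alias tomcat |
        grep -q 'Entry type: PrivateKeyEntry'
}

# Usage: KEYSTORE_PASS=... sh make-keystore.sh domain.key domain.crt \
#            domain.ca-bundle /etc/apache2/ssl/keystore
if [ "$#" -eq 4 ]; then
    build_keystore "$1" "$2" "$3" "$4" "${KEYSTORE_PASS:?set KEYSTORE_PASS}" &&
        verify_keystore "$4" "$KEYSTORE_PASS" && echo "keystore OK: $4"
fi
```

After the script reports the keystore as OK, point keystoreFile and keystorePass in the Connector at the new file and restart Tomcat.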
