Configuring HTTPS by APR
HTTPS encryption by APR is configured as follows:
1. Download OpenSSL from http://www.openssl.org/, and use OpenSSL for Windows.
2. Generate public key and private key using OpenSSL.
a) Add the OpenSSL bin directory, such as D:\OpenSSL-Win64\bin, to the system PATH environment variable.
b) Start the OpenSSL command line:
openssl.exe
c) Create a private key for Tomcat, and execute:
genrsa -des3 -out D:\tomcatkey.pem 2048
Type a password, and then type it again. The private key tomcatkey.pem is generated at D:\tomcatkey.pem.
d) Create a certificate using the private key
After the private key is created, you need to create a certificate. Type the following command:
req -new -x509 -key D:\tomcatkey.pem -out D:\tomcatcert.pem -days 1095
Type the password that was specified when creating the private key. A new self-signed certificate, tomcatcert.pem, valid for 1095 days, is generated at D:\tomcatcert.pem.
3. Modify server.xml to enable SSL.
a) Find the configuration of the SSL HTTP/1.1 Connector:
<!-- Define a SSL HTTP/1.1 Connector on port 8443
     This connector uses the JSSE configuration, when using APR, the
     connector should be using the OpenSSL style configuration
     described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           ...
-->
Remove the comment markers and set the Connector attributes:
<!-- SSLPassword is the password typed when creating tomcatkey.pem in step 2 c) -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           URIEncoding="utf-8"
           clientAuth="false"
           SSLCertificateFile="D:\tomcatcert.pem"
           SSLCertificateKeyFile="D:\tomcatkey.pem"
           SSLPassword="123456"
           sslProtocol="TLS" />
4. Restart Tomcat, then access the web application over HTTPS on port 8443.
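A quick audit of the Connector edited in step 3, as an added example that is not part of the original page or of Tomcat itself: it parses server.xml, reports when the SSL Connector is still commented out, and flags missing certificate attributes and a clear-text or guessable SSLPassword. The function name, the weak-password list and the length threshold are assumptions of this example; the sample server.xml is constructed from the Connector shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from step 3, wrapped in a minimal server.xml.
SAMPLE_SERVER_XML = r'''<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               URIEncoding="utf-8" clientAuth="false"
               SSLCertificateFile="D:\tomcatcert.pem"
               SSLCertificateKeyFile="D:\tomcatkey.pem"
               SSLPassword="123456" sslProtocol="TLS" />
  </Service>
</Server>'''

# Short illustrative list of guessable pass phrases (assumption of this example).
WEAK_PASSWORDS = {"123456", "password", "changeit", "tomcat", "admin"}
MIN_PASSWORD_LEN = 12  # threshold chosen for this example

def audit_apr_connectors(server_xml):
    """Return a list of findings for the SSL-enabled Connectors in server.xml text."""
    root = ET.fromstring(server_xml)  # XML comments are dropped by the parser
    ssl_connectors = [c for c in root.iter("Connector")
                      if c.get("SSLEnabled", "false").lower() == "true"]
    if not ssl_connectors:
        return ["no active SSLEnabled Connector (is it still commented out?)"]
    findings = []
    for conn in ssl_connectors:
        where = f"Connector port {conn.get('port', '?')}"
        # Both PEM files from step 2 must be referenced.
        for attr in ("SSLCertificateFile", "SSLCertificateKeyFile"):
            if not conn.get(attr):
                findings.append(f"{where}: {attr} is not set")
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append(f"{where}: scheme/secure should be https/true")
        password = conn.get("SSLPassword")
        if password is not None:
            findings.append(f"{where}: SSLPassword is stored in clear text; "
                            "restrict read access to server.xml")
            if password in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LEN:
                findings.append(f"{where}: key pass phrase is short or guessable")
    return findings

if __name__ == "__main__":
    for line in audit_apr_connectors(SAMPLE_SERVER_XML):
        print(line)
```

To check a real installation, read the contents of Tomcat's conf/server.xml and pass the text to audit_apr_connectors.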