1. TOMCAT SSL SETTING
1. Environment
1.1 Tomcat 6.0.16
1.2 JDK 1.6.0_11
1.3 Windows Vista Home Premium SP1
2. Define Visual Host
2.1 至 C:WindowsSystem32driversetc 修改 hosts 檔,加入虛擬站台
例如: 192.168.102.77 slantkang-hp.iks.com.tw
2.2 開啟 %CATALINA_HOME%conf 編輯 server.xml
找這一行
<Engine name="Catalina" defaultHost="localhost">
把 localhost 改成你剛剛設的,例如 slantkang-hp.iks.com.tw
找這一行
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
把 localhost 改成你剛剛設的,例如 slantkang-hp.iks.com.tw
存檔,重啟湯姆貓後,試試看
http:// slantkang-hp.iks.com.tw:8080
3. 切換 Console 模式並切換到 %
CATALINA_HOME % 下，執行下列步 驟
Step 1. Generate an RSA key pair and a self-signed certificate
JDK 1.6:
keytool -genkeypair -alias tomcat -keyalg RSA -keystore server.keystore
JDK 1.5:
keytool -genkey -alias tomcat -keyalg RSA -keystore server.keystore
-keypass changeit
-storepass changeit
-keysize 1024
//KEY SIZE
-validity 365
//certificate valid for 365 days before expiring

2. * password:changeit
* the web browser will check the value of this field against the fully qualified hostname of your server. If the CN field value does not match the server’s hostname,
the web browser will warn the user that they do not match.

3. Step 2 Generate a certificate signing request (CSR) from the key pair
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore
server.keystore

4. * password:changeit
Step 3 Send the CSR to the CA. Again
到 https://www.thawte.com/ucgi/gothawte.cgi?a=w14100158767049000 用 CSR
檔案申請憑證,將憑證檔案命名為 tomcat.cer

5. 到 http://www.thawte.com/roots/index.html
Step 4 下載 Root Certificate 並且把它 import 到 keystore 裡面
keytool -import -alias root -keystore server.keystore -trustcacerts -file GCA.cer
OR
keytool -import -alias root -keystore server.keystore -trustcacerts -file “Thawte
Test CA Root.cer”

7. Step 5.將 tomcat.cer import 到 keystore
keytool -import -alias tomcat -keystore server.keystore -trustcacerts -file
tomcat.cer

8. 4. 配置 TOMCAT
修改 %TOMCAT_HOME%confserver.xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="D:/tools/apache-tomcat-6.0.16/server.keystore"
keystorePass="changeit"/>
5. 配置 Webapp 的 Web.xml(紅色區塊)
<security-constraint>
<web-resource-collection>
<web-resource-name>DisabledMethods</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>PUT</http-method>
<http-method>TRACE</http-method>
<http-method>OPTIONS</http-method>
</web-resource-collection>

9. <auth-constraint/>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>OrdinaryUserAction</web-resource-name>
<url-pattern>/index-in.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Purchase</web-resource-name>
<url-pattern>/test.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login1.jsp</form-login-page>
<form-error-page>/errorpage.jsp</form-error-page>
</form-login-config>
</login-config>
6.
輸入網址 https://slantkang-

10. hp.iks.com.tw:8443/CMS/test.jsp
PS. https 的 S 要記得打,因為我都會忘記 ><
PS. 就算你打 http://slantkang-hp.iks.com.tw:8080/CMS/test.jsp
還是會強制導到 https://slantkang-hp.iks.com.tw:8443/CMS/test.jsp