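This article shows how to set up SSL on Tomcat (the web server that Joget runs on). Keep in mind that this is a service-level (Tomcat) configuration, not an application-level (Joget) one. The setup procedure differs for other web servers.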

1. Generate a keystore file

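First, we generate a keystore file. You can generate it with or without an SSL certificate (which has to be purchased from an SSL certificate vendor). The following is an example of generating it yourself (without a purchased certificate).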

C:\Program Files\Java\jdk1.7.0\bin>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Robert
What is the name of your organizational unit?
  [Unknown]:  home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  SF
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Robert, OU=home, O=home, L=SF, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password): password
Re-enter new password: password

C:\Program Files\Java\jdk1.7.0\bin>

2. Configure your Tomcat

Make sure your service is stopped. Open \apache-tomcat\conf\server.xml, uncomment the following section, and edit it as needed.

<!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/Users/Robert/.keystore"
               keystorePass="password"
               />

Compared with the default settings, the following attributes have been changed.

port: changed from 8443 to 443 (if you intend to browse to https://yourDomain instead of https://yourDomain:8443)
keystoreFile: path to the .keystore file
keystorePass: the password defined earlier

Start the service. You can now access Joget at *https://yourDomain/jw* or *https://yourDomain:8443/jw* (the port depends on your configuration).
