本文将指导您如何将Tomcat(Joget运行依赖的Web服务器)设置 SSL. 请记住,这是服务层级(Tomcat)的配置,不是应用层级(Joget). 不同的Web服务器设置方法不错.
首先, 我们将生成一个key store文件. 您可以用(或不用)SSL 证书(需从SSL证书供应商处购买)生成它. 以下是自己生成的例子(不用购买证书).
C:\Program Files\Java\jdk1.7.0\bin>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
[Unknown]: Robert
What is the name of your organizational unit?
[Unknown]: home
What is the name of your organization?
[Unknown]: home
What is the name of your City or Locality?
[Unknown]: SF
What is the name of your State or Province?
[Unknown]: CA
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Robert, OU=home, O=home, L=SF, ST=CA, C=US correct?
[no]: yes
Enter key password for <tomcat>
(RETURN if same as keystore password): password
Re-enter new password: password
C:\Program Files\Java\jdk1.7.0\bin> |
请确保您的服务已停止. 打开 \apache-tomcat\conf\server.xml, 解除以下内容的注释并根据需要编辑.
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:/Users/Robert/.keystore"
keystorePass="password"
/> |
比较默认设置,以下是修改过的属性.
port: 8443 to 443 (If you intend to browse to https://yourDomain instead of https://yourDomain:8443)
keystoreFile: Path to the .keystore file
keystorePass: The password defined earlier
启动服务. 您可以通过 *https://yourDomain/jw* 或 *https://yourDomain:8443/jw* (根据您的配置决定端口号)访问Joget了.
参考:
Apache Tomcat 6.0 SSL Configuration HOW-TO
Setting Up SSL on Tomcat in 5 minutes