我想在我的Tomcat中启用SSL.
但是当我启动Tomcat并转到 https://localhost:8443时,我看到了
但是当我启动Tomcat并转到 https://localhost:8443时,我看到了
An error occurred during a connection to localhost:8443. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
为此,我使用CA.sh生成私钥和签名证书,如下所示:
progerlaptop:/usr/share/ssl/misc # ./CA.sh -newca CA certificate filename (or enter to create) Making CA certificate ... Generating a 1024 bit RSA private key ................................++++++ .............................................++++++ writing new private key to './demoCA/private/./cakey.pem' Enter PEM pass phrase: pass Verifying - Enter PEM pass phrase: pass ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value,If you enter '.',the field will be left blank. ----- Country Name (2 letter code) [AU]:UK State or Province Name (full name) [Some-State]:Chernihiv Locality Name (eg,city) []:Chernihiv Organization Name (eg,company) [Internet Widgits Pty Ltd]:University Organizational Unit Name (eg,section) []:student Common Name (eg,YOUR name) []:localhost Email Address []:proger@localhost Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from /etc/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/./cakey.pem: Check that the request matches the signature Signature ok Certificate Details: Serial Number: c6:55:7e:58:1b:4d:9c:7e Validity Not Before: Nov 25 13:17:31 2010 GMT Not After : Nov 24 13:17:31 2013 GMT Subject: countryName = UK stateOrProvinceName = Chernihiv organizationName = University organizationalUnitName = student commonName = localhost emailAddress = proger@localhost X509v3 extensions: X509v3 Subject Key Identifier: C7:98:1E:68:A7:3A:C4:B2:46:C8:88:99:C8:D5:CA:66:D3:94:23:66 X509v3 Authority Key Identifier: keyid:C7:98:1E:68:A7:3A:C4:B2:46:C8:88:99:C8:D5:CA:66:D3:94:23:66 X509v3 Basic Constraints: CA:TRUE Certificate is to be certified until Nov 24 13:17:31 2013 GMT (1095 days) Write out database with 1 new entries Data Base Updated progerlaptop:/usr/share/ssl/misc # ./CA.sh -newreq Generating a 1024 bit RSA private key ............++++++ .........................++++++ writing new private key to 'newkey.pem' Enter PEM pass phrase: pass Verifying - Enter PEM pass phrase: pass ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value,YOUR name) []:localhost Email Address []:proger@localhost Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Request is in newreq.pem,private key is in newkey.pem progerlaptop:/usr/share/ssl/misc # CA.sh -sign Using configuration from /etc/ssl/openssl.cnf Enter pass phrase for ./demoCA/private/cakey.pem: pass ... Sign the certificate? [y/n]:y ... Signed certificate is in newcert.pem
将密钥和证书复制到我的Tomcat目录中.
cp newcert.pem newkey.pem /path/to/tomcat-6.0.29/ssl/
添加到我的server.xml的连接器:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableuploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEngine="on".
SSLCertificateFile="${catalina.base}/ssl/newcert.pem"
SSLCertificateKeyFile="${catalina.base}/ssl/newkey.pem".
SSLPassword="pass"/>
然后我开始catalina.sh运行.
当我去https://localhost:8443/时,我看到了这个令人讨厌的错误.
我什么时候做错了?
先感谢您
