This guide shows you how to set up SSL on the Tomcat server that hosts Joget. Bear in mind that this is configured at the server level (Tomcat) and not at the application level (Joget). The setup method may differ from one web server to another.

1. Generate a key store file

First of all, we need to generate a key store file. You can generate it with or without an SSL certificate purchased from your SSL certificate provider. The following is an example of generating one ourselves, without purchasing a certificate.

Code Block
C:\Program Files\Java\jdk1.7.0\bin>keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password: password
Re-enter new password: password
What is your first and last name?
  [Unknown]:  Robert
What is the name of your organizational unit?
  [Unknown]:  home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  SF
What is the name of your State or Province?
  [Unknown]:  CA
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Robert, OU=home, O=home, L=SF, ST=CA, C=US correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password): password
Re-enter new password: password

C:\Program Files\Java\jdk1.7.0\bin>

2. Configure your Tomcat

Make sure that your server is not running. Open \apache-tomcat\conf\server.xml, then uncomment and edit the following lines accordingly.

Code Block
<!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->

    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:/Users/Robert/.keystore"
               keystorePass="password"
               />

Compared to the original settings, the following attributes have been added or changed:

port: 8443 to 443 (If you intend to browse to https://yourDomain instead of https://yourDomain:8443)
keystoreFile: Path to the .keystore file
keystorePass: The password defined earlier
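
Before starting the server, the edited connector can be checked with a short script. This is an added example, not part of the original guide or of Tomcat or Joget; the function name `audit_ssl_connectors`, the sample XML and the plain HTTP connector on port 8080 are constructed assumptions. It goes slightly beyond the attributes listed above by also flagging a `redirectPort` that no longer matches the SSL port and a `keystorePass` equal to Tomcat's default `changeit`.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: this guide's connector inside a minimal server.xml,
# next to a plain HTTP connector still redirecting to 8443 (assumption).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
             maxThreads="150" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:/Users/Robert/.keystore"
             keystorePass="password"/>
</Service></Server>"""

# "changeit" is the value Tomcat assumes when keystorePass is omitted.
WEAK_PASSWORDS = {"", "password", "changeit"}


def audit_ssl_connectors(server_xml, file_exists=os.path.isfile):
    """Return a list of (port, finding) pairs; an empty list means no findings."""
    root = ET.fromstring(server_xml)  # commented-out connectors are not parsed
    connectors = list(root.iter("Connector"))
    ssl = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not ssl:
        return [(None, "no Connector with SSLEnabled=true (still commented out?)")]
    findings = []
    ssl_ports = {c.get("port") for c in ssl}
    for c in ssl:
        port = c.get("port")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append((port, "scheme=https and secure=true must both be set"))
        keystore = c.get("keystoreFile")
        if keystore is None:
            findings.append((port, "keystoreFile missing; Tomcat looks for ~/.keystore"))
        elif not file_exists(keystore):
            findings.append((port, "keystoreFile not found: " + keystore))
        if c.get("keystorePass", "changeit") in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is a default or guessable value"))
    for c in connectors:  # plain HTTP connectors should redirect to a real SSL port
        redirect = c.get("redirectPort")
        if c not in ssl and redirect and redirect not in ssl_ports:
            findings.append((c.get("port"), "redirectPort=" + redirect + " has no SSL connector"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_ssl_connectors(SAMPLE_SERVER_XML):
        print("port", port, "-", finding)
```

On a real installation, pass the contents of \apache-tomcat\conf\server.xml as `server_xml`.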

Start your server. You may now browse to your Joget at https://yourDomain/jw or https://yourDomain:8443/jw, depending on the port you configured.

References:

Apache Tomcat 6.0 SSL Configuration HOW-TO
