Tuesday, 7 March 2017

Tomcat 9 multi-domain SSL configuration

Tomcat 9.0 can serve several domain names from one HTTPS Connector: the certificate is chosen by the host name the client sends in the TLS handshake (SNI). The Connector names the default host in defaultSSLHostConfigName, and each host, the default included, gets its own nested SSLHostConfig element with a Certificate that points at that host's keystore. The default host is what a client gets when it sends no SNI name or a name that matches no other SSLHostConfig, so an SSLHostConfig for it must exist or the connector does not start.

The listing below is this post's configuration with three corrections. First, the Connector-level SSL attributes (keystoreFile, keystorePass, clientAuth, sslProtocol, sslEnabledProtocols) are removed: Tomcat 9 documents them as deprecated and uses them only to fill in an implicit default SSLHostConfig, so declaring the default host both there and as a nested element gives two competing definitions of the same host. Their SSLHostConfig equivalents are protocols (for sslEnabledProtocols) and certificateVerification (for clientAuth; "none" is already the default, so clientAuth="false" needs no replacement). Second, certificateKeystoreType="RSA" becomes "JKS": the attribute names the keystore format, JKS or PKCS12, not the key algorithm, and since the JDK has no keystore type called RSA the connector fails to open the keystore. Third, the protocol list is restricted to TLSv1.2, because TLS 1.0 and 1.1 are deprecated, and honorCipherOrder is set to true so that the server, not the client, chooses from the ordered cipher list.

The cipher list itself is kept as posted. Note that its TLS_ECDH_* (static ECDH) suites and TLS_RSA_WITH_AES_128_CBC_SHA offer no forward secrecy: a leaked server key then decrypts recorded sessions. Drop them unless a client you must support needs them.

Note: a PFX certificate file can be converted into a JKS keystore with KeyStore Explorer (KSE). The conversion is optional: a .pfx file is a PKCS12 keystore, and Tomcat 9 reads it directly when certificateKeystoreType="PKCS12", as the *.bbb.com entry in the listing shows.


    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               maxThreads="150" SSLEnabled="true"
               scheme="https" secure="true"
               URIEncoding="UTF-8"
               defaultSSLHostConfigName="*.aaa.com">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>

      <!-- Default host: used when the client sends no SNI name, or a name no other
           SSLHostConfig matches. protocols and certificateVerification replace the
           deprecated Connector attributes sslEnabledProtocols and clientAuth. -->
      <SSLHostConfig hostName="*.aaa.com"
                     protocols="TLSv1.2"
                     certificateVerification="none"
                     honorCipherOrder="true"
                     ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                              TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
                              TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                              TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
                              TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                              TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                              TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
                              TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
                              TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                              TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                              TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
                              TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
                              TLS_RSA_WITH_AES_128_CBC_SHA">
        <!-- certificateKeystoreType is the keystore format (JKS or PKCS12), not the key algorithm -->
        <Certificate certificateKeystoreFile="conf/aaa.jks"
                     certificateKeystorePassword="changeit"
                     certificateKeystoreType="JKS"/>
      </SSLHostConfig>

      <!-- Additional host, selected when the SNI name matches *.bbb.com -->
      <SSLHostConfig hostName="*.bbb.com"
                     protocols="TLSv1.2"
                     certificateVerification="none"
                     honorCipherOrder="true"
                     ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                              TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
                              TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                              TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
                              TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
                              TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
                              TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
                              TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
                              TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                              TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
                              TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
                              TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
                              TLS_RSA_WITH_AES_128_CBC_SHA">
        <!-- A .pfx file is a PKCS12 keystore and is read directly; no JKS conversion needed -->
        <Certificate certificateKeystoreFile="conf/bbb.pfx"
                     certificateKeystorePassword="changeit"
                     certificateKeystoreType="PKCS12"/>
      </SSLHostConfig>
    </Connector>
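To catch these mistakes before restarting Tomcat, here is a small lint script, added to this post as an example (it is neither Tomcat's code nor the original author's). It takes one Connector element as pasted from server.xml and reports the problems discussed above: deprecated Connector-level SSL attributes, a defaultSSLHostConfigName with no matching SSLHostConfig, duplicate host names, TLS 1.0/1.1 left enabled (including through the default protocols="all"), honorCipherOrder left off, cipher suites without forward secrecy, and a certificateKeystoreType that is not a keystore format. The two embedded samples are constructed from the post's listing with the cipher lists shortened; the attribute names and defaults follow Tomcat 9's documentation, and the set of accepted keystore types is the stock JDK's.

```python
"""Offline lint for the TLS settings of one Tomcat 9 HTTPS <Connector>.
Added example for this post (not Tomcat's or the author's code): it parses a
<Connector> pasted from server.xml and reports the mistakes discussed above.
"""
import re
import xml.etree.ElementTree as ET

# Connector-level SSL attributes Tomcat 9 documents as deprecated in favour of
# nested <SSLHostConfig>/<Certificate>; they only populate an implicit default host.
DEPRECATED_CONNECTOR_ATTRS = {
    "keystoreFile", "keystorePass", "keystoreType", "keyAlias", "keyPass",
    "clientAuth", "sslProtocol", "sslEnabledProtocols", "ciphers",
    "truststoreFile", "truststorePass", "truststoreType",
}
# Keystore formats a stock JDK KeyStore.getInstance() accepts; "RSA" is not one.
KEYSTORE_TYPES = {"JKS", "JCEKS", "PKCS12", "PKCS11", "DKS"}
# What Tomcat 9 expands protocols="all" to (TLSv1.3 needs Java 11 or later).
ALL_PROTOCOLS = {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# JSSE suite names with forward secrecy (ephemeral key exchange, or TLS 1.3).
PFS_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_", "TLS_AES_", "TLS_CHACHA20_")


def effective_protocols(spec):
    """Expand Tomcat's protocols syntax: names, 'all', and '+'/'-' modifiers."""
    enabled = set()
    for tok in filter(None, re.split(r"[,\s]+", spec.strip())):
        op, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled - names if op == "-" else enabled | names
    return enabled


def lint_connector(xml_text):
    """Return human-readable findings for one <Connector>; [] means clean."""
    conn = ET.fromstring(xml_text)
    findings = []
    deprecated = sorted(DEPRECATED_CONNECTOR_ATTRS & set(conn.attrib))
    if deprecated:
        findings.append("Connector: deprecated SSL attributes %s; move them into "
                        "an <SSLHostConfig>" % ", ".join(deprecated))
    hosts = conn.findall("SSLHostConfig")
    names = [h.get("hostName", "_default_") for h in hosts]
    for dup in sorted(n for n in set(names) if names.count(n) > 1):
        findings.append("SSLHostConfig %r: hostName defined more than once" % dup)
    default_name = conn.get("defaultSSLHostConfigName", "_default_")
    if default_name not in names and not deprecated:  # no implicit default either
        findings.append("Connector: defaultSSLHostConfigName=%r matches no "
                        "<SSLHostConfig>; the connector will not start" % default_name)
    for host, name in zip(hosts, names):
        weak = WEAK_PROTOCOLS & effective_protocols(host.get("protocols", "all"))
        if weak:
            findings.append("SSLHostConfig %r: enables %s" % (name, ", ".join(sorted(weak))))
        if host.get("honorCipherOrder", "false").lower() != "true":
            findings.append("SSLHostConfig %r: honorCipherOrder is not true, so the "
                            "client picks the suite" % name)
        # Judge only JSSE-style names; OpenSSL expressions such as HIGH:!aNULL are skipped.
        suites = [c for c in re.split(r"[,:\s]+", host.get("ciphers", ""))
                  if c.startswith(("TLS_", "SSL_"))]
        no_pfs = [c for c in suites if not c.startswith(PFS_PREFIXES)]
        if no_pfs:
            findings.append("SSLHostConfig %r: %d suite(s) without forward secrecy, "
                            "e.g. %s" % (name, len(no_pfs), no_pfs[0]))
        for cert in host.findall("Certificate"):
            ks_type = cert.get("certificateKeystoreType", "JKS")
            if ks_type.upper() not in KEYSTORE_TYPES:
                findings.append("Certificate for %r: certificateKeystoreType=%r is not a "
                                "keystore format (use JKS or PKCS12)" % (name, ks_type))
    return findings


# Constructed samples built from the post's listing, cipher lists shortened.
POSTED_CIPHERS = ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
                  "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA")
PFS_CIPHERS = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
AS_POSTED = """<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
  keystoreFile="conf/aaa.jks" keystorePass="changeit" defaultSSLHostConfigName="*.aaa.com">
  <SSLHostConfig hostName="*.aaa.com" honorCipherOrder="false" ciphers="%s">
    <Certificate certificateKeystoreFile="conf/aaa.jks" certificateKeystorePassword="changeit"
                 certificateKeystoreType="RSA"/>
  </SSLHostConfig>
  <SSLHostConfig hostName="*.bbb.com" honorCipherOrder="false" ciphers="%s">
    <Certificate certificateKeystoreFile="conf/bbb.pfx" certificateKeystorePassword="changeit"
                 certificateKeystoreType="PKCS12"/>
  </SSLHostConfig>
</Connector>""" % (POSTED_CIPHERS, POSTED_CIPHERS)
FIXED = """<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
  defaultSSLHostConfigName="*.aaa.com">
  <SSLHostConfig hostName="*.aaa.com" protocols="TLSv1.2" honorCipherOrder="true" ciphers="%s">
    <Certificate certificateKeystoreFile="conf/aaa.jks" certificateKeystorePassword="changeit"
                 certificateKeystoreType="JKS"/>
  </SSLHostConfig>
  <SSLHostConfig hostName="*.bbb.com" protocols="TLSv1.2" honorCipherOrder="true" ciphers="%s">
    <Certificate certificateKeystoreFile="conf/bbb.pfx" certificateKeystorePassword="changeit"
                 certificateKeystoreType="PKCS12"/>
  </SSLHostConfig>
</Connector>""" % (PFS_CIPHERS, PFS_CIPHERS)

if __name__ == "__main__":
    for label, xml_text in (("as posted", AS_POSTED), ("fixed", FIXED)):
        print(label, "->", lint_connector(xml_text) or ["clean"])
```

Run as a script (the file name is your choice) and it prints eight findings for the configuration as posted and "clean" for the corrected one. It checks only what is in the file; after restarting Tomcat, confirm the SNI dispatch itself with `openssl s_client -connect <host>:8443 -servername www.bbb.com </dev/null | openssl x509 -noout -subject`, which should print the *.bbb.com certificate, while a -servername that matches no SSLHostConfig should come back with the *.aaa.com default.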
