相关tomcat+nginx登录页https访问证书问题-问答-阿里云开发者社区-阿里云

开发者社区> 问答> 正文

相关tomcat+nginx登录页https访问证书问题

落地花开啦 2016-05-27 14:35:41 1888

使用OpenSSL工具生成自签名证书后在本机Tomcat配置,发布程序访问https,浏览器提示证书错误,将附件中的boot.cer根证书安装到本机再次访问,浏览器正常,但使用其他机器访问,浏览器报证书错误,求解决方法。具体证书生成请参考页面:http://www.ert7.com/install/sslinstall/1244.html

web.xml配置:

<!-- 登录页采用https访问 -->
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>SSL</web-resource-name>
   <url-pattern>/index/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

Tomcat server.xml配置:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
        SSLEnabled="true" maxThreads="150"
        scheme="https" secure="true" disableUploadTimeout="true"
        enableLookups="false" acceptCount="100" clientAuth="false"
        SSLCertificateFile="../conf/server.cer"
        SSLCertificateKeyFile="../conf/server.key"
        SSLCertificateChainFile="../conf/intermediate1.cer"
        SSLVerifyClient="none" sslProtocol="TLS" />

nginx.conf配置:

#user  nobody;
worker_processes  1;
  
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
  
#pid        logs/nginx.pid;
  
 
events {
    worker_connections  1024;
}
  
 
http {
    include       mime.types;
    default_type  application/octet-stream;
  
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
  
    #access_log  logs/access.log  main;
  
    sendfile        on;
    #tcp_nopush     on;
  
    #keepalive_timeout  0;
    keepalive_timeout  65;
  
    #gzip  on;
  
    server {
        listen       80;
        server_name  localhost:8080;
  
        #charset koi8-r;
  
        #access_log  logs/host.access.log  main;
  
        location / {
            root   yddweb;
            #index  index.html index.htm;
     proxy_pass http://localhost:8080;
     proxy_set_header Host $host:80;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Via "nginx";
        }
  
        #error_page  404              /404.html;
  
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
 
    # HTTPS server
    server {
        listen       443;
        #server_name  localhost:443;
  
        ssl                  on;
        ssl_certificate      server.cer;
        ssl_certificate_key  server.key;
  
        ssl_session_timeout  5m;
  
        #ssl_protocols  SSLv2 SSLv3 TLSv1;
        #ssl_ciphers  HIGH:!aNULL:!MD5;
        #ssl_prefer_server_ciphers   on;
  
        location / {
            root   yddweb;
            #index  index.html index.htm;
     proxy_pass https://localhost:8443;
     proxy_set_header Host $host:443;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Via "nginx";
        }
    }
}
访问相关问题 登录https ca证书tomcat nginxhttps问题 http相关问题
分享到
取消 提交回答
全部回答(1)
  • 落地花开啦
    2019-07-17 19:17:50

    你用openssl生成的证书的CA是不受信任的,可以试下startssl

    0 0
+ 订阅

云安全开发者的大本营

相似问题
最新问题
推荐课程