步骤
-
使用以下命令创建包含自签名证书的密钥库:
keytool -genkey -keyalg RSA -alias tac-tomcat -keystore tac-tomcat-keystore.jks -storepass tacadmin -validity 3600 -keysize 2048 -
打开以下文件:
<TAC_HOME>\apache-tomcat\conf\server.xml
-
添加下述配置行,配置 Apache Tomcat 使用此密钥库:
<!-- Define an SSL Coyote HTTP/1.1 Connector on port 8443 --> <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="conf/tac-tomcat-keystore.jks" keystorePass="tacadmin" clientAuth="false" sslProtocol="TLS"/> -
注释掉非 SSL 部分。
<Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" throwOnFailure="true" redirectPort="8443" /> -
将密钥库证书添加到 Apache Tomcat 信任库。
#export certificate into .cert file keytool -keystore tac-tomcat-keystore.jks -alias tac-tomcat -export -file tac-tomcat.cert #import certificate into jks keytool -keystore tac-tomcat-truststore.jks -alias tac-tomcat -import -file tac-tomcat.cert此步是为避免下述异常所必需的:Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target during user authentication. -
添加
keystoreFile和keystorePass参数及参数值。 -
打开以下文件:
<TAC_HOME>\apache-tomcat\setenv.bat
-
将下行
set "JAVA_OPTS=%JAVA_OPTS% -Xmx4096m -Dfile.encoding=UTF-8"改成set "JAVA_OPTS=%JAVA_OPTS% -Xmx4096m -Dfile.encoding=UTF-8 -Djavax.net.ssl.trustStore=$CATALINA_HOME/conf/tac-tomcat-truststore.jks -Djavax.net.ssl.trustStorePassword=tacadmin" -
重新启动 Talend Administration Center。
通过此地址检查 Talend Administration Center URL:
https://localhost:8443/org.talend.administrator。更多信息,请参阅 https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html。