Java |阿帕奇 Tomcat 9 |从内存中读取密钥库
Java | Apache Tomcat 9 | Read keystore from memory
Apache Tomcat 9 (Java) 中有没有一种方法可以从变量中读取用于 SSL 加密的密钥库,这意味着无需绕行将密钥库保存到文件中,然后指定文件路径为 属性?
目前我像下面的代码一样将密钥库传递给 Apache:
Connector connector = new Connector();
connector.setScheme("https");
connector.setProperty("keyAlias", "alias-test");
connector.setProperty("keystorePass", "testpwd");
connector.setProperty("keystoreType", "PKCS12");
connector.setProperty("keystoreFile", "keystore.pfx");
要使用已配置的 KeyStore,您需要使用适当的 setter 方法,因为 Tomcat 8.5 是:
SSLHostConfig#setTrustStore 对于受信任的证书,SSLHostConfigCertificate#setCertificateKeyStore 用于包含服务器证书的密钥库。
总结如下:
final KeyStore trustStore = ...
final KeyStore keyStore = ...
// Certificate
final SSLHostConfigCertificate certificate = new SSLHostConfigCertificate();
certificate.setCertificateKeystore(keyStore);
certificate.setCertificateKeyAlias("mykey");
certificate.setCertificateKeyPassword("secret");
// Host SSL configuration
final SSLHostConfig sslHostConfig = new SSLHostConfig();
sslHostConfig.setTrustStore(trustStore);
sslHostConfig.addCertificate(certificate);
// Connector
final Connector connector = new Connector();
connector.setScheme("https");
connector.setSecure(true);
connector.addSslHostConfig(sslHostConfig);
connector.setProperty("SSLEnabled", "true");
Apache Tomcat 9 (Java) 中有没有一种方法可以从变量中读取用于 SSL 加密的密钥库,这意味着无需绕行将密钥库保存到文件中,然后指定文件路径为 属性?
目前我像下面的代码一样将密钥库传递给 Apache:
Connector connector = new Connector();
connector.setScheme("https");
connector.setProperty("keyAlias", "alias-test");
connector.setProperty("keystorePass", "testpwd");
connector.setProperty("keystoreType", "PKCS12");
connector.setProperty("keystoreFile", "keystore.pfx");
要使用已配置的 KeyStore,您需要使用适当的 setter 方法,因为 Tomcat 8.5 是:
SSLHostConfig#setTrustStore对于受信任的证书,SSLHostConfigCertificate#setCertificateKeyStore用于包含服务器证书的密钥库。
总结如下:
final KeyStore trustStore = ...
final KeyStore keyStore = ...
// Certificate
final SSLHostConfigCertificate certificate = new SSLHostConfigCertificate();
certificate.setCertificateKeystore(keyStore);
certificate.setCertificateKeyAlias("mykey");
certificate.setCertificateKeyPassword("secret");
// Host SSL configuration
final SSLHostConfig sslHostConfig = new SSLHostConfig();
sslHostConfig.setTrustStore(trustStore);
sslHostConfig.addCertificate(certificate);
// Connector
final Connector connector = new Connector();
connector.setScheme("https");
connector.setSecure(true);
connector.addSslHostConfig(sslHostConfig);
connector.setProperty("SSLEnabled", "true");