tcnative-1.dll这个库已经包含了APR,openssl的核心引擎,还有tomcat-native的代码,openssl.exe是集成的openssl的命令行工具;
D:\software\tomcat8032\bin>openssl.exe genrsa -out rsa-private-key.pem 1024
WARNING: can‘t open config file: /usr/local/ssl/openssl.cnf
Generating RSA private key, 1024 bit long modulus
.....++++++
...............................++++++
e is 65537 (0x10001)
(设置环境变量)
D:\software\tomcat8032\bin>set OPENSSL_CONF=openssl.cnf
(生成服务端证书库)
D:\software\tomcat8032\bin>openssl.exe req -new -x509 -nodes -sha1 -days 365 -key rsa-private-key.pem -out self-signed-cert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:beijing
Locality Name (eg, city) []:haidian
Organization Name (eg, company) [Internet Widgits Pty Ltd]:css
Organizational Unit Name (eg, section) []:guodian
Common Name (e.g. server FQDN or YOUR name) []:xixi
Email Address []:xixi@163.com
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
SSLEnabled="true"
maxThreads="150"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLSv1"
SSLCertificateKeyFile="D:\software\tomcat8032\conf\openssl\rsa-private-key.pem"
SSLCertificateFile="D:\software\tomcat8032\conf\openssl\self-signed-cert.pem"/>
对于上述的配置,配置APR的protocol需要换成 Http11AprProtocol,其次,SSLCertificateKeyFile指的是openssl的服务器端的密钥库,SSLCertificateFile指的是服务器端的证书库(不带私钥,只有公钥)。
