Tomcat,Squid,Lighttpd的https配置

Tomcat,Squid,Lighttpd的https配置


4.4.6  Tomcat HTTPS配置
在server.xml里配置:
tomcat普通的https配置
    <Connector port="8443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/.keystore"
           keystorePass="lizongbo">
    </Connector>


Tomcat使用apr之后的ssl双向认证配置如下:

   <Connector port="8443" maxHttpHeaderSize="8192" protocol="HTTP/1.1"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              clientAuth="true" <!--双向验证-->
              SSLEngine="on" bufferSize="8192"
              SSLEnabled="true"
              SSLProtocol="all"
              SSLCipherSuite="ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
              SSLCertificateFile="..\conf\ca\www.crt"
              SSLCertificateKeyFile="..\conf\ca\www.key"
              SSLCACertificateFile="..\conf\ca\ca.crt"
              SSLCACertificatePath="..\conf\ca"
              SSLVerifyDepth="15"
              SSLVerifyClient="require"
               />

 

4.6.6  Squid HTTPS
squid.conf中加上:
https_port 3443 cert=D:/ca/www.crt key=D:/ca/www.key


4.7.6  LightTPD HTTPS
首先使用copy命令把 key和crt合并为一个文件,
D:\ca>copy /b www.key+www.crt www.pem

然后配置如下:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "D:/ca/www.pem"
ssl.ca-file = "D:/ca/ca.crt"
server.name = "www"
server.document-root = "D:/httpsdosc"
server.errorlog = "httpserror.log"
accesslog.filename = "httpsaccess.log"
}
(下面的双向验证没有测试是否可用)
如需启用双向验证,则还需下面的配置参数:
ssl.verify-peer = "enable"
ssl.verify-depth  = 1
参考:http://trac.lighttpd.net/trac/ticket/921


 

你可能感兴趣的:(Tomcat,Squid,Lighttpd的https配置)