{"id":527,"date":"2018-10-09T01:50:43","date_gmt":"2018-10-09T01:50:43","guid":{"rendered":"http:\/\/www.asianux.org.vn\/?p=527"},"modified":"2018-10-09T01:52:14","modified_gmt":"2018-10-09T01:52:14","slug":"config-ssl-for-tomcat-8-globalsign","status":"publish","type":"post","link":"https:\/\/www.asianux.org.vn\/index.php\/2018\/10\/09\/config-ssl-for-tomcat-8-globalsign\/","title":{"rendered":"Config SSL for Tomcat 8 GlobalSign"},"content":{"rendered":"<p><strong>H\u01af\u1edaNG D\u1eaaN C\u00c0I \u0110\u1eb6T SSL CHO TOMCAT 8<\/strong><\/p>\n<ol>\n<li>T\u1ea1o file keystore t\u1eeb tomcat<\/li>\n<\/ol>\n<p><em>keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore interface_asianux_org.jks <\/em><\/p>\n<p>Note:<\/p>\n<ul>\n<li>V\u00e0o th\u01b0 m\u1ee5c ch\u1ee9a java s\u1eed d\u1ee5ng l\u1ec7nh keytool ho\u1eb7c .\/keytool<\/li>\n<li>alias l\u00e0 t\u00ean c\u1ee7a alias. C\u00f3 th\u1ec3 \u0111\u1eb7t 1 t\u00ean b\u1ea5t k\u00ec. V\u00ed d\u1ee5 \u1edf \u0111\u00e2y l\u00e0 \u0111\u1eb7t t\u00ean: \u201cserver\u201d.<\/li>\n<li>Sau khi g\u00f5 l\u1ec7nh s\u1ebd h\u1ecfi pass \u00e0 \u0111\u1eb7t 1 pass cho ch\u00f9m keystore. \u1edf \u0111\u00e2y t\u00ean ch\u00f9m keystore l\u00e0 <em>jks<\/em><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ol start=\"2\">\n<li>T\u1ea1o ra file .csr b\u1eb1ng l\u1ec7nh:<\/li>\n<\/ol>\n<p><em>keytool keytool -certreq -alias server -file interface_asianux_org.csr -keystore interface_asianux_org.jks<\/em><\/p>\n<p>Note:<\/p>\n<p>Ch\u00fa \u00fd t\u00ean alias ph\u1ea3i tr\u00f9ng v\u1edbi tr\u00ean alias \u0111\u00e3 t\u1ea1o \u1edf tr\u00ean<\/p>\n<p>Ki\u1ec3m tra l\u1ea1i xem \u0111\u00e3 t\u1ea1o file csr ch\u01b0a b\u1eb1ng l\u1ec7nh: LS<\/p>\n<ol start=\"3\">\n<li>G\u1eedi file .crs cho nh\u00e0 \u0111\u0103ng k\u00fd d\u1ecbch v\u1ee5 v\u00e0 ch\u1edd nh\u00e0 cung c\u1ea5p g\u1eedi tr\u1ea3 l\u1ea1i file . \u1edf \u0111\u00e2y nh\u00e0 cung c\u1ea5p tr\u1ea3 l\u1ea1i 2 file d\u1ea1ng \u201ccertificate.p7b\u201d v\u00e0 \u201cintermediate.cer\u201d<\/li>\n<li>Ch\u00e8n key t\u1eeb nh\u00e0 cung c\u1ea5p v\u00e0o ch\u00f9m keystore c\u00f3 s\u1eb5n c\u1ee7a m\u00ecnh:<\/li>\n<\/ol>\n<p><em>keytool -import -alias AVIntermediate -trustcacerts -file intermediate.cer -keystore interface_asianux_org.jks<\/em><\/p>\n<p><em>keytool -import -alias server -trustcacerts -file certificate.p7b -keystore interface_asianux_org.jks <\/em><\/p>\n<ol start=\"5\">\n<li>Ki\u1ec3m tra l\u1ea1i key \u0111\u00e3 ch\u00e8n v\u00e0o ch\u00f9m keystore b\u1eb1ng l\u1ec7nh:<\/li>\n<li>Ch\u1ec9nh s\u1eeda l\u1ea1i file server.xml ( \u1edf \u0111\u00e2y c\u00f3 th\u1ec3 l\u1ef1a ch\u1ecdn port kh\u00e1c ngo\u00e0i port 443)<\/li>\n<\/ol>\n<p>&lt;Connector port=&#8221;8080&#8243; protocol=&#8221;HTTP\/1.1&#8243;<\/p>\n<p>connectionTimeout=&#8221;20000&#8243;<\/p>\n<p>redirectPort=&#8221;443&#8243; \/&gt;<\/p>\n<p>&lt;Connector port=&#8221;443&#8243;<\/p>\n<p>protocol=&#8221;org.apache.coyote.http11.Http11NioProtocol&#8221;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 maxThreads=&#8221;150&#8243; SSLEnabled=&#8221;true&#8221; scheme=&#8221;https&#8221; secure=&#8221;true&#8221;<\/p>\n<p>clientAuth=&#8221;false&#8221; sslProtocol=&#8221;TLS&#8221; keystoreFile=&#8221;\/opt\/jdk1.8.0_111\/jre\/bin\/interface_asianux_org.jks&#8221; keystorePass=&#8221;123456&#8243; keyAlias=&#8221;server&#8221; \/&gt;<\/p>\n<p>&nbsp;<\/p>\n<p>Note: t\u1ea1i \u0111\u00e2y l\u01b0u \u00fd n\u1ebfu tr\u00ean server c\u1ee7a b\u1ea1n ch\u1ea1y c\u1ea3 apachi th\u00ec b\u1ea1n ph\u1ea3i \u0111\u1ed5i l\u1ea1i port c\u1ee7a apachi trong file ssl.conf sang 1 port kh\u00e1c. V\u00ed d\u1ee5: 443\u00e09443<\/p>\n<ol start=\"7\">\n<li>Th\u1eed l\u1ea1i d\u1ecbch v\u1ee5 tr\u00ean server: <a href=\"https:\/\/x.x.x.x:443\">https:\/\/x.x.x.x:443<\/a><\/li>\n<\/ol>\n<p>Note: l\u01b0u \u00fd b\u1ea3ng iptable tr\u00ean linux m\u1edf port 8443 ho\u1eb7c 443<\/p>\n","protected":false},"excerpt":{"rendered":"<p>H\u01af\u1edaNG D\u1eaaN C\u00c0I \u0110\u1eb6T SSL CHO TOMCAT 8 T\u1ea1o file keystore t\u1eeb tomcat keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore interface_asianux_org.jks Note: V\u00e0o th\u01b0 m\u1ee5c ch\u1ee9a java s\u1eed d\u1ee5ng l\u1ec7nh keytool ho\u1eb7c .\/keytool&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-527","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/comments?post=527"}],"version-history":[{"count":2,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/527\/revisions"}],"predecessor-version":[{"id":529,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/527\/revisions\/529"}],"wp:attachment":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/media?parent=527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/categories?post=527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/tags?post=527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}