![SSLEnabled="true"
keystoreFile="/Users/vincenttuan/Documents/apache-tomcat-9.0.62/conf/keys/tomcat.keystore"
keystorePass="123456"
clientAuth="false"
sslProtocol="TLS"/>
六、建立 ssl.conf 設定檔
[req]
prompt = no
default_md = sha256
default_bits = 2048
distinguished_name = dn
x509_extensions = v3_req
[dn]
C = TW
ST = Taiwan
L = Taipei
O = WebSecure
OU = Pcschool
emailAddress = admin@example.com
CN = study
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
IP.2 = 192.168.30.252
七、建立出私密金鑰 (server.key) 與憑證檔案 (server.crt)
openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout
server.key -out server.crt -config ssl.conf](https://image.slidesharecdn.com/20230129-230214231618-5ce93c3a/85/2023_0129-doc-3-320.jpg)
資訊安全筆記 2023_0129.doc
- 1. 資訊安全筆記 2023_0129 一、安裝工具 1. Eclipse Enterprice 安裝 注意請務必選擇 Eclipse IDE for Enterprise Java and Web Developers 下載 https://www.eclipse.org/downloads/packages/release/2022-09/r 2. 另外 STS 的外掛也請加入到 Eclipse 中 可以 Google "Eclipse 安裝 STS plug-in" 關鍵字查詢 如無法安裝 Eclipse + Spring 的同學可以改安裝 Spring Tools 4 for Eclipse https://spring.io/tools 也是一樣可以,此 IDE 工具已經將 eclipse + spring 直接都做好了 3. Git for Windows 也要裝 https://www.git-scm.com/download/win 4. 因為會使用 OpenSSL , 工具安裝方法請參考此篇 https://blog.miniasp.com/post/2019/02/25/Creating-Self-signed-Certificate-using-OpenSSL 5. Insomnia rest 工具安裝 https://insomnia.rest/download 6. MySQL Community Server 8.0.32. https://dev.mysql.com/downloads/mysql/ 7. 監控 HTTP 封包資料 https://www.charlesproxy.com/download/ 二、Github code https://github.com/vincenttuan/WebSecure2023 三、生成金鑰
- 2. 在指定目錄下建立 tomcat.keystore 指定目錄 在 tomcat 安裝目錄下的 /conf 中新建立 /keys 資料夾 /Users/vincenttuan/Documents/apache-tomcat-9.0.62/conf/keys DOS 命令提示字元進入到 …/keys 目錄 建立 tomcat.keystore 指令: keytool -genkeypair -alias tomcat -keyalg RSA -keypass 123456 -storepass 123456 -keysize 1024 -validity 365 -keystore tomcat.keystore 四、修改 web.xml <security-constraint> <display-name>Constraint1</display-name> <web-resource-collection> <web-resource-name>secure</web-resource-name> <description/> <url-pattern>/secure/*</url-pattern> </web-resource-collection> <user-data-constraint> <description/> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> 五、修改 server.xml <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="200" scheme="https" secure="true"
- 3. SSLEnabled="true" keystoreFile="/Users/vincenttuan/Documents/apache-tomcat-9.0.62/conf/keys/tomcat.keystore" keystorePass="123456" clientAuth="false" sslProtocol="TLS"/> 六、建立 ssl.conf 設定檔 [req] prompt = no default_md = sha256 default_bits = 2048 distinguished_name = dn x509_extensions = v3_req [dn] C = TW ST = Taiwan L = Taipei O = WebSecure OU = Pcschool emailAddress = admin@example.com CN = study [v3_req] subjectAltName = @alt_names [alt_names] DNS.1 = localhost IP.1 = 127.0.0.1 IP.2 = 192.168.30.252 七、建立出私密金鑰 (server.key) 與憑證檔案 (server.crt) openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt -config ssl.conf
- 4. 八、產生 PKCS#12 憑證檔案 (*.pfx 或 *.p12) 給 Tomcat 使用 openssl pkcs12 -export -in server.crt -inkey server.key -out server.pfx Enter Export Password: 123456 Verifying - Enter Export Password: 123456 九、加入到根憑證 (for MAC) 其他 OS 請參考: https://blog.miniasp.com/post/2019/02/25/Creating-Self-signed-Certificate-using-Ope nSSL sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain server.crt 若有出現 password: mac 的密碼 十、修改 server.xml (透過 CA) <Connector SSLEnabled="true" SSLEngine="on" clientAuth="false" keystoreFile="/Users/vincenttuan/Documents/apache-tomcat-9.0.62/conf/keys/server.pfx" keystorePass="123456" keystoreType="pkcs12" maxThreads="200" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"/>