- Enter the certificate password (it has to be entered 3 times). The usual step of stripping the password from the certificate is not needed.
openssl pkcs12 -export -in ssl.crt -inkey ssl.key -certfile chain_all_ssl.crt -out ssl3.p12 -name tomcat
 
- Add to server.xml
<Connector port="443"
   maxThreads="2000"
      scheme="https" secure="true" SSLEnabled="true"
      ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
         keystoreFile="/usr/local/apache-tomcat-7.0.50/conf/ssl/ssl3.p12" keystorePass="sm5550!@" keystoreType="pkcs12" clientAuth="false"
sslProtocol="TLS"
         />
└ This block must not go at the very end of the file; instead:
<Service name="Catalina">
          <Connector port="80" protocol="HTTP/1.1"               connectionTimeout="20000"               redirectPort="8443" />
 
<Connector port="443"
   maxThreads="2000"
      scheme="https" secure="true" SSLEnabled="true"
      ciphers="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
         keystoreFile="/home/tomcat/ssl/ssl3.p12" keystorePass="simyongsup!" keystoreType="pkcs12" clientAuth="false"
sslProtocol="TLS" />
 
      <Engine name="Catalina" defaultHost="localhost">
 
It has to be placed between these two elements, as shown, for the setting to take effect.
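
An added example (not from the original post) that audits a server.xml like the one above: it reports TLS connectors that are not direct children of <Service>, flags RC4 and static-RSA suites in the ciphers list, and notes a clear-text keystorePass. The sample XML, its placeholder password and path, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one TLS connector placed correctly, one misplaced
# inside <Engine>. The keystore path and password are placeholders.
SAMPLE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_SHA"
      keystoreFile="/path/to/ssl3.p12" keystorePass="PLACEHOLDER"
      keystoreType="pkcs12" clientAuth="false" sslProtocol="TLS" />
    <Engine name="Catalina" defaultHost="localhost">
      <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" />
    </Engine>
  </Service>
</Server>"""

def classify(suite):
    """Return why a suite is weak, or None if neither rule below matches."""
    if "_RC4_" in suite:
        return "RC4 (prohibited by RFC 7465)"
    if suite.startswith(("TLS_RSA_", "SSL_RSA_")):
        return "static RSA key exchange (no forward secrecy)"
    return None

def audit(xml_text):
    """Return (port, finding) tuples for every TLS-enabled Connector."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}  # child -> parent
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue
        port = conn.get("port")
        if parent[conn].tag != "Service":
            findings.append((port, "misplaced: parent is <%s>, not <Service>" % parent[conn].tag))
        if conn.get("keystorePass"):
            findings.append((port, "keystorePass stored in clear text"))
        for suite in (s.strip() for s in conn.get("ciphers", "").split(",")):
            reason = classify(suite)
            if reason:
                findings.append((port, "%s: %s" % (suite, reason)))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE):
        print(port, finding)
```

The placement check only verifies that the connector's parent is <Service>; it does not check its order relative to <Engine>.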
 

 
