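Java environment setup
I did not install Java when I installed CentOS 5.5. Besides, most Linux distributions come with OpenJDK bundled, you know what I mean! Hehe.
Oracle provides two installation packages for Linux, jdk-6u23-linux-i586.bin and jdk-6u23-linux-i586-rpm.bin; either will do. Below I install with jdk-6u23-linux-i586-rpm.bin.
Start the installation: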
# cd /usr
# mkdir java
//Upload jdk-6u23-linux-i586-rpm.bin to /usr/java with Xftp
# cd /usr/java
# ll
# chmod +x ./jdk-6u23-linux-i586-rpm.bin
# ./jdk-6u23-linux-i586-rpm.bin
Check that the installation succeeded:
# rpm -qa | grep jdk
jdk-1.6.0_23-fcs
# rpm -qa | grep java
sun-javadb-client-10.5.3-0.2
sun-javadb-core-10.5.3-0.2
sun-javadb-demo-10.5.3-0.2
sun-javadb-javadoc-10.5.3-0.2
sun-javadb-common-10.5.3-0.2
sun-javadb-docs-10.5.3-0.2
//I don't need sun-javadb, so I uninstall it
# rpm -e --nodeps sun-javadb-client-10.5.3-0.2 sun-javadb-core-10.5.3-0.2 sun-javadb-demo-10.5.3-0.2 sun-javadb-javadoc-10.5.3-0.2 sun-javadb-common-10.5.3-0.2 sun-javadb-docs-10.5.3-0.2
# rpm -qa | grep jdk
jdk-1.6.0_23-fcs
# rpm -qa | grep java
//No output means the packages were uninstalled successfully
Configure the environment variables:
# vi /etc/profile
//Append the following lines to the end of this file
export JAVA_HOME=/usr/java/jdk1.6.0_23
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
//Apply the changes
# source /etc/profile
# java -version
java version "1.6.0_23"
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Client VM (build 19.0-b09, mixed mode, sharing)
# javac -version
javac 1.6.0_23
//The JDK installation is now complete
Installing Tomcat
Upload apache-tomcat-6.0.29.zip to /usr/ with Xftp
Then run the following commands:
# cd /usr/
# chmod +x ./apache-tomcat-6.0.29.zip
# unzip ./apache-tomcat-6.0.29.zip
# cd /usr/apache-tomcat-6.0.29/bin
# chmod +x ./*.sh
# ./startup.sh
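Open http://192.168.1.211:8080/ in a browser; if you see the little cat, the installation succeeded!
Configuring SSL for Tomcat
Goal: set up my own CA and use it to issue a certificate for Tomcat and to issue client certificates.
Check the openssl version: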
# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
//The version is a bit old. Upgrading is a topic for the next post.
Step 1: set up my own CA.
# cd /usr/
# mkdir ./vanessl/
# cd ./vanessl/
# openssl genrsa -out ca-key.pem 1024
# openssl req -new -out ca-req.csr -key ca-key.pem
//You are about to be asked to enter information that will be incorporated
//into your certificate request.
//What you are about to enter is what is called a Distinguished Name or a DN.
//There are quite a few fields but you can leave some blank
//For some fields there will be a default value,
//If you enter '.', the field will be left blank.
//-----
//Country Name (2 letter code) [GB]:CN
//State or Province Name (full name) [Berkshire]:Yun Nan
//Locality Name (eg, city) [Newbury]:Kun Ming
//Organization Name (eg, company) [My Company Ltd]:Delochi
//Organizational Unit Name (eg, section) []:Software
//Common Name (eg, your name or your server's hostname) []:Delochi CA Root
//Email Address []:
//Please enter the following 'extra' attributes
//to be sent with your certificate request
//A challenge password []:
//An optional company name []:
# openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey ca-key.pem -days 365
//Signature ok
//subject=/C=CN/ST=Yun Nan/L=Kun Ming/O=Delochi/OU=Software/CN=Delochi CA Root
//Getting Private key
# echo 01 > ca-cert.srl
# cp ca-cert.pem ca-cert.cer
# keytool -import -v -trustcacerts -alias delochi_ca_root -file ca-cert.pem -keystore $JAVA_HOME/jre/lib/security/cacerts
//Enter keystore password: changeit
//Owner: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN
//Issuer: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN
//Serial number: 88072b9504be8f71
//Valid from: Thu Jan 13 07:51:29 CST 2011 until: Fri Jan 13 07:51:29 CST 2012
//Certificate fingerprints:
//MD5: DF:7F:54:4F:B3:A7:63:B3:74:31:5E:B6:29:F5:1E:E6
//SHA1: 02:24:E2:1B:57:C1:38:F5:D3:31:76:D9:6C:71:15:44:56:BE:06:11
//Signature algorithm name: SHA1withRSA
//Version: 1
//Trust this certificate? [no]: y
//Certificate was added to keystore
//[Storing /usr/java/jdk1.6.0_23/jre/lib/security/cacerts]
# keytool -alias delochi_ca_root -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
//Alias name: delochi_ca_root
//Creation date: Jan 13, 2011
//Entry type: trustedCertEntry
//Owner: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN
//Issuer: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN
//Serial number: 88072b9504be8f71
//Valid from: Thu Jan 13 07:51:29 CST 2011 until: Fri Jan 13 07:51:29 CST 2012
//Certificate fingerprints:
// MD5: DF:7F:54:4F:B3:A7:63:B3:74:31:5E:B6:29:F5:1E:E6
// SHA1: 02:24:E2:1B:57:C1:38:F5:D3:31:76:D9:6C:71:15:44:56:BE:06:11
// Signature algorithm name: SHA1withRSA
// Version: 1
Step 2: use the CA to issue Tomcat's certificate
# keytool -genkey -alias tomcat_server -validity 365 -keyalg RSA -keysize 1024 -keystore server_keystore
//Enter keystore password:123456
//Re-enter new password:123456
//What is your first and last name?
// [Unknown]: 192.168.1.211
//What is the name of your organizational unit?
// [Unknown]: SoftWare
//What is the name of your organization?
// [Unknown]: Delochi
//What is the name of your City or Locality?
// [Unknown]: Kun Ming
//What is the name of your State or Province?
// [Unknown]: Yun Nan
//What is the two-letter country code for this unit?
// [Unknown]: CN
//Is CN=192.168.1.211, OU=SoftWare, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN correct?
// [no]: y
//Enter key password for <tomcat_server>
//(RETURN if same as keystore password):123456
//Re-enter new password:123456
# keytool -certreq -alias tomcat_server -sigalg MD5withRSA -file server.csr -keystore server_keystore
//Enter keystore password:123456
# openssl x509 -req -in server.csr -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365
//Signature ok
//subject=/C=CN/ST=Yun Nan/L=Kun Ming/O=Delochi/OU=SoftWare/CN=192.168.1.211
//Getting CA Private Key
# keytool -import -v -trustcacerts -alias tomcat_server -file server-cert.pem -keystore server_keystore
//Enter keystore password: 123456
//Certificate reply was installed in keystore
//[Storing server_keystore]
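The commands above generate 1024-bit RSA keys, and the keytool output shows the CA certificate as SHA1withRSA, Version 1. As an added example (not part of the original post), the shell function below checks the text dump of a certificate for those three properties. The function name, the finding labels and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `openssl x509 -noout -text` output on stdin, prints one finding per
# line, and returns 1 if anything was flagged. Typical use:
#   openssl x509 -noout -text -in server-cert.pem | audit_cert_text
audit_cert_text() {
    text=$(cat)
    rc=0

    # Key size: 0.9.8 prints "RSA Public Key: (1024 bit)",
    # later releases print "Public-Key: (1024 bit)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_KEY:$bits"; rc=1
    fi

    # Digest the issuer used to sign the certificate.
    sig=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case "$sig" in
        md2*|md5*|sha1*) echo "WEAK_SIGALG:$sig"; rc=1 ;;
    esac

    # An X.509 v1 certificate has no extensions, so it cannot carry
    # basicConstraints (CA:TRUE) or subjectAltName.
    ver=$(printf '%s\n' "$text" |
        sed -n 's/^ *Version: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ "$ver" = "1" ]; then
        echo "X509_V1"; rc=1
    fi
    return $rc
}

# Constructed sample: the fields a 1024-bit, SHA-1 signed, v1 CA certificate
# would show in `openssl x509 -text` (not captured from a real run).
SAMPLE_WEAK='Certificate:
    Data:
        Version: 1 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Subject: C=CN, ST=Yun Nan, L=Kun Ming, O=Delochi, CN=Delochi CA Root
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)'

printf '%s\n' "$SAMPLE_WEAK" | audit_cert_text || true
```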
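Changing Tomcat's default home page
There are two ways to achieve this:
1. Delete all files under ROOT and put the unpacked contents of the war package there (this approach feels too crude, hehe)
2. Edit %TOMCAT_HOME%/conf/server.xml and add the following inside the <Host></Host> element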
<Context path="" docBase="cas" debug="0" reloadable="true" />
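#path is the name of the virtual directory; leave it empty if you want the home page to be shown when only the IP address is entered;
#docBase is the path of the virtual directory; it defaults to the $tomcat/webapps/ROOT directory. I have now created a myjsp directory under webapps and made it my default directory.
#debug and reloadable are usually set to 0 and true respectively.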