CentOS 5.5基础教程系列-服务器评测

由于我在安装CentOS5.5的时候没有安装Java。在说Linux下的大部分都是自带OpenJDK，你懂的！嘿嘿。

Oracle提供Linux下的安装包有jdk-6u23-linux-i586.bin和jdk-6u23-linux-i586-rpm.bin，这两个都可以，下面我用jdk-6u23-linux-i586-rpm.bin安装

开始安装：

# cd /usr
# mkdir java
//用Xftp把jdk-6u23-linux-i586-rpm.bin上传到/usr/java
# cd /usr/java
# ll
# chmod +x ./jdk-6u23-linux-i586-rpm.bin
# ./jdk-6u23-linux-i586-rpm.bin

查看是否安装成功：

# rpm -qa | grep jdk
jdk-1.6.0_23-fcs
# rpm -qa | grep java
sun-javadb-client-10.5.3–0.2
sun-javadb-core-10.5.3–0.2
sun-javadb-demo-10.5.3–0.2
sun-javadb-javadoc-10.5.3–0.2
sun-javadb-common-10.5.3–0.2
sun-javadb-docs-10.5.3–0.2
//由于我不需要sun-javadb，故卸载
# rpm -e –nodeps sun-javadb-client-10.5.3–0.2 sun-javadb-core-10.5.3–0.2 sun-javadb-demo-10.5.3–0.2 sun-javadb-javadoc-10.5.3–0.2 sun-javadb-common-10.5.3–0.2 sun-javadb-docs-10.5.3–0.2
# rpm -qa | grep jdk
jdk-1.6.0_23-fcs
# rpm -qa | grep java
//没有任何信息，表示你已经成功卸载

配置环境变量：

# vi /etc/profile
//在这文件的最后加入如下代码
export JAVA_HOME=/usr/java/jdk1.6.0_23
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
//使之生效
# source /etc/profile
# java -version
java version “1.6.0_23”
Java(TM) SE Runtime Environment (build 1.6.0_23-b05)
Java HotSpot(TM) Client VM (build 19.0-b09, mixed mode, sharing)
# javac -version
javac 1.6.0_23
//至此JDK已经安装完

用Xftp把apache-tomcat-6.0.29.zip上传到/usr/目录下
然后执行下面的命令：

# cd /usr/

# chmod +x ./apache-tomcat-6.0.29.zip

# unzip ./apache-tomcat-6.0.29.zip

# /usr/apache-tomcat-6.0.29/bin

# chmod +x ./*.sh

# ./startup.sh

在浏览器中输入http://192.168.1.211:8080/，能看到那只小猫就表示已经安装成功了！目标：建立自己的CA中心，用自己的CA去给Tomcat签发证书，签发客户端。

查看openssl的版本：

# openssl version

OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

//版本有点老。下篇在说升级的事。

第一步，建立自己的CA中心。

# cd /usr/

# mkdir ./vanessl/

# cd ./vanessl/

# openssl genrsa -out ca-key.pem 1024

# openssl req –new -out ca-req.csr -key ca-key.pem

//You are about to be asked to enter information that will be incorporated

//into your certificate request.

//What you are about to enter is what is called a Distinguished Name or a DN.

//There are quite a few fields but you can leave some blank

//For some fields there will be a default value,

//If you enter ‘.’, the field will be left blank.

//—–

//Country Name (2 letter code) [GB]:CN

//State or Province Name (full name) [Berkshire]:Yun Nan

//Locality Name (eg, city) [Newbury]:Kun Ming

//Organization Name (eg, company) [My Company Ltd]:Delochi

//Organizational Unit Name (eg, section) []:Software

//Common Name (eg, your name or your server’s hostname) []:Delochi CA Root

//Email Address []:

//Please enter the following ‘extra’ attributes

//to be sent with your certificate request

//A challenge password []:

//An optional company name []:

# openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey ca-key.pem -days 365

//Signature ok

//subject=/C=CN/ST=Yun Nan/L=Kun Ming/O=Delochi/OU=Software/CN=Delochi CA Root

//Getting Private key

# echo 01>ca-cert.srl

# cp ca-cert.pem ca-cert.cer

# keytool –import -v -trustcacerts -alias delochi_ca_root -file ca-cert.pem -keystore $Java_HOME/jre/lib/security/cacerts

//Enter keystore password: changeit

//Owner: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN

//Issuer: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN

//Serial number: 88072b9504be8f71

//Valid from: Thu Jan 13 07:51:29 CST 2011 until: Fri Jan 13 07:51:29 CST 2012

//Certificate fingerprints:

// MD5: DF:7F:54:4F:B3:A7:63:B3:74:31:5E:B6:29:F5:1E:E6

// SHA1: 02:24:E2:1B:57:C1:38:F5:D3:31:76:D9:6C:71:15:44:56:BE:06:11

// Signature algorithm name: SHA1withRSA

// Version: 1

//Trust this certificate? [no]: y

//Certificate was added to keystore

//[Storing /usr/java/jdk1.6.0_23/jre/lib/security/cacerts]

# keytool -alias delochi_ca_root -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit

//Alias name: delochi_ca_root

//Creation date: Jan 13, 2011

//Entry type: trustedCertEntry

//Owner: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN

//Issuer: CN=Delochi CA Root, OU=Software, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN

//Serial number: 88072b9504be8f71

//Valid from: Thu Jan 13 07:51:29 CST 2011 until: Fri Jan 13 07:51:29 CST 2012

//Certificate fingerprints:

// MD5: DF:7F:54:4F:B3:A7:63:B3:74:31:5E:B6:29:F5:1E:E6

// SHA1: 02:24:E2:1B:57:C1:38:F5:D3:31:76:D9:6C:71:15:44:56:BE:06:11

// Signature algorithm name: SHA1withRSA

// Version: 1

第二步，用CA去签发tomcat

# keytool -genkey -alias tomcat_server -validity 365 -keyalg RSA -keysize 1024 -keystore server_keystore

//Enter keystore password:123456

//Re-enter new password:123456

//What is your first and last name?

// [Unknown]: 192.168.1.211

//What is the name of your organizational unit?

// [Unknown]: SoftWare

//What is the name of your organization?

// [Unknown]: Delochi

//What is the name of your City or Locality?

// [Unknown]: Kun Ming

//What is the name of your State or Province?

// [Unknown]: Yun Nan

//What is the two-letter country code for this unit?

// [Unknown]: CN

//Is CN=192.168.1.211, OU=SoftWare, O=Delochi, L=Kun Ming, ST=Yun Nan, C=CN correct?

// [no]: y

//Enter key password for <tomcat_server>

// (RETURN if same as keystore password):123456

//Re-enter new password:123456

# keytool -certreq -alias tomcat_server -sigalg MD5withRSA -file server.csr -keystore server_keystore

//Enter keystore password:123456

# openssl x509 -req -in server.csr -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365

//Signature ok

//subject=/C=CN/ST=Yun Nan/L=Kun Ming/O=Delochi/OU=SoftWare/CN=192.168.1.211

//Getting CA Private Key

# keytool –import -v -trustcacerts -alias tomcat_server -file server-cert.pem -keystore server_keystore

//Enter keystore password: 123456

//Certificate reply was installed in keystore

//[Storing server_keystore]

要实现效果有2种方法：

1、直接删除ROOT下面的所有文件，把直接的war包解压后放在里面(这种方式感觉太粗鲁，嘿嘿)

2、修改%TOMCAT_HOME%/conf/server.xml,在<HOST></HOST>标签里加入

<Context path=“” docBase=“cas” debug=“0” reloadable=“true” />

#path是说明虚拟目录的名字，如果你要只输入ip地址就显示主页，则该键值留为空；

#docBase是虚拟目录的路径，它默认的是$tomcat/webapps/ROOT目录，现在我在webapps目录下建了一个myjsp目录，让该目录作为我的默认目录。

#debug和reloadable一般都分别设置成0和true。

CentOS 5.5基础教程系列

相关推荐

分类

其他操作

听说打赏我的人，都进福布斯排行榜啦！

支付宝扫一扫打赏

微信扫一扫打赏

QQ咨询

回顶部