Skip to content

Instantly share code, notes, and snippets.

@wardenlym

wardenlym/deploy-https-cas-3.5.2.md

Created April 27, 2020 09:14
Show Gist options
  • Save wardenlym/b4efe885757ef05532520497ad5ac083 to your computer and use it in GitHub Desktop.
Save wardenlym/b4efe885757ef05532520497ad5ac083 to your computer and use it in GitHub Desktop.
Download ZIP
deploy https cas 3.5.2
Raw
deploy-https-cas-3.5.2.md 
wget https://github.com/apereo/cas/releases/download/v3.5.2/cas-server-3.5.2-release.zip

java -version

sudo apt-get install -y openjdk-8-jdk

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
export JRE_HOME=${JAVA_HOME}/jre
export PATH=${PATH}:${JAVA_HOME}/bin

wget https://archive.apache.org/dist/tomcat/tomcat-7/v7.0.62/bin/apache-tomcat-7.0.62.tar.gz

sudo mkdir /usr/local/cas/
#生成证书
sudo keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/cas/keystore

#导出证书
sudo keytool -export -trustcacerts -alias tomcat -file /usr/local/cas/tomcat.cer -keystore /usr/local/cas/keystore

cat /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts
#如果有东西需要删除或备份
#然后导入证书到sdk
sudo keytool -import -trustcacerts -alias tomcat -file /usr/local/cas/tomcat.cer -keystore "/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts"


#查看
keytool -list -v -keystore "/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts"

#安tomcat
#解压
tar -zxvf apache-tomcat-7.0.62.tar.gz

#配置jdk
vim apache-tomcat-7.0.62/bin/catalina.sh

#启动tomcat 查看是否启动正常
./apache-tomcat-7.0.62/bin/startup.sh

#关闭tomcat服务
./apache-tomcat-7.0.62/bin/shutdown.sh

#查看日志
tail -f -n 100 ./apache-tomcat-7.0.62/logs/catalina.2017-12-14.log

#配置证书
vim ./apache-tomcat-7.0.62/conf/server.xml

<!--设定http/1.1协议 还有配置keystore的位置和密码-->
<Connector port="8443" protocol="HTTP/1.1"  
               minSpareThreads="5" maxSpareThreads="75"    
               enableLookups="true" disableUploadTimeout="true"      
               acceptCount="100"  maxThreads="200"    
               scheme="https" secure="true" SSLEnabled="true"    
               clientAuth="false" sslProtocol="TLS"    
               keystoreFile="/usr/local/cas/keystore"      
               keystorePass="<pass>"/>

#用safrai浏览器进入https://IP:8443

# 解压cas server
cp cas-server-3.5.2/modules/cas-server-webapp-3.5.2.war ./apache-tomcat-7.0.62/webapps/

unzip cas-server-webapp-3.5.2.war -d cas
rm cas-server-webapp-3.5.2.war

./apache-tomcat-7.0.62/bin/startup.sh
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment