利用JDK自带的产生证书的工具 生成证书
建立一个脚本文件,内容如下:
set SERVER_DN="CN=Server, OU=share, O=share, L=sz, S=gd, C=CN"
set CLIENT_DN="CN=Client, OU=share, O=share, L=sz, S=gd, C=CN"
set KS_PASS=-storepass changeit
set KEYINFO=-keyalg RSA
keytool -genkey -alias Server -dname %SERVER_DN% %KS_PASS% -keystore server.keystore %KEYINFO% -keypass changeit
keytool -export -alias Server -file test.cer %KS_PASS% -keystore server.keystore
keytool -import -file test.cer %KS_PASS% -keystore client.truststore -alias serverkey -noprompt
keytool -genkey -alias Client -dname %CLIENT_DN% %KS_PASS% -keystore client.keystore %KEYINFO% -keypass changeit
keytool -export -alias Client -file test.cer %KS_PASS% -keystore client.keystore
keytool -import -file test.cer %KS_PASS% -keystore server.truststore -alias clientkey -noprompt
pause
运行后生成下面的文件
server.keystore
server.truststore
client.truststore
client.keystore
test.cer
然后配置tomcat
打开server.xml
添加
<Connector port="8443" className="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" clientAuth="false"
keystoreFile="c:/server.keystore" keystorePass="changeit"
truststoreFile="c:/server.truststore" truststorePass="changeit"
sslProtocol="TLS" />
这样就可以通过 https://localhost:8443/ 访问了
如果想让应用程序HTTP自动跳转到HTTPS,在应用程序的web.xml中加入:
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
如果要通过程序代码访问https的WebService 那么需要添加JVM参数
-Djavax.net.ssl.keyStore=C:/client/client.keystore
-Djavax.net.ssl.keyStorePassword=changeit
-Djavax.net.ssl.trustStore=C:/client/client.truststore
转载自:http://blog.csdn.net/zhjb1025/article/details/3279512