tomcat 启动ssl(双向认证) -

donald3003a

浏览: 64206 次
性别:
来自: 成都

最近访客更多访客>>

dwd_china

逍遥纨绔

paynexss

caizh211314

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

tomcat 启动ssl(双向认证)

博客分类：

加密相关

tomcat 数字证书

前一篇写了TOMCAT怎么进行SSL单向认证
现在接着写TOMCAT怎么进行SSL双向认证
1、通过keytools生成serverkeystore
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore d:\server.keystore
注意CN必须域名
比如以后通过https://localhost:8443/path/ 访问网站
这时候CN = localhost
2、导出x509证书
keytool -export -alias tomcat -file d:\server.cer -keystore d:\server.keystore.
先导出一个x509证书
3、新建client信任的trustclientkeystore.
keytool -genkey -alias trust -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trust.keystore
4、添加服务器端证书进入本地信任trustclientkeystore.
keytool -import -v -alias tomcat -file d:\server.cer -keystore d:\trust.keystore
前面不变
5、通过keytools生成clientkeystore
keytool -genkey -alias client -keyalg RSA -keypass changeit -storepass changeit -keystore d:\client.keystore
6、导出x509证书
keytool -export -alias client -file d:\client.cer -keystore d:\client.keystore.
7、新建server信任的trustserverkeystore.
keytool -genkey -alias trustserver -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trustserver.keystore
8、添加本地证书进入服务器信任trustserverkeystore.
keytool -import -v -alias client -file d:\client.cer -keystore d:\trustserver.keystore
到目前为止就有2个keystore 2个trustkeystore
9、tomcat 配置

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"  
maxThreads="150" scheme="https" secure="true"  
[color=red]clientAuth="true"[/color] sslProtocol="TLS"  
keystoreFile="d:/server.keystore"  keystorePass="changeit"
truststoreFile="d:/trustserver.keystore" truststorePass="changeit"
/>

clientAuth 设置为 true

10、javacode

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class Client {
	/**
	 * @param args
	 * @throws Exception
	 */
	public static void main(String[] args) throws Exception {
		HttpClient httpclient = new DefaultHttpClient();
		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
		KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
		FileInputStream keyStoreIn = new FileInputStream(new File("d:/client.keystore"));
		FileInputStream trustStoreIn = new FileInputStream(new File("d:/trust.keystore"));
		
		try {
			keyStore.load(keyStoreIn, "123456".toCharArray());
			trustStore.load(trustStoreIn, "123456".toCharArray());
		} finally {
			keyStoreIn.close();
			trustStoreIn.close();
		}
		SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "123456", trustStore);
		httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https",socketFactory, 8443));
		HttpPost httpget = new HttpPost("https://localhost:8443/SSOClient/login.html");
		System.out.println("Request:" + httpget.getRequestLine());
		HttpResponse response = httpclient.execute(httpget);
		System.out.println(response.getStatusLine());
		httpclient.getConnectionManager().shutdown();
	}
}

分享到：