tomcat 启动ssl(双向认证)

编程语言 2018-05-13 02:37:47 阅读次数: 0
前一篇写了TOMCAT怎么进行SSL单向认证
现在接着写TOMCAT怎么进行SSL双向认证
1、通过keytools生成serverkeystore
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore d:\server.keystore
注意CN必须域名
比如以后通过https://localhost:8443/path/ 访问网站
这时候CN = localhost
2、导出x509证书
keytool -export -alias tomcat -file d:\server.cer -keystore d:\server.keystore.
先导出一个x509证书
3、新建client信任的trustclientkeystore.
keytool -genkey -alias trust -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trust.keystore
4、添加服务器端证书进入本地信任trustclientkeystore.
keytool -import -v -alias tomcat -file d:\server.cer -keystore d:\trust.keystore
前面不变
5、通过keytools生成clientkeystore
keytool -genkey -alias client -keyalg RSA -keypass changeit -storepass changeit -keystore d:\client.keystore
6、导出x509证书
keytool -export -alias client -file d:\client.cer -keystore d:\client.keystore.
7、新建server信任的trustserverkeystore.
keytool -genkey -alias trustserver -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trustserver.keystore
8、添加本地证书进入服务器信任trustserverkeystore.
keytool -import -v -alias client -file d:\client.cer -keystore d:\trustserver.keystore
到目前为止就有2个keystore 2个trustkeystore
9、tomcat 配置 
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"  
maxThreads="150" scheme="https" secure="true"  
[color=red]clientAuth="true"[/color] sslProtocol="TLS"  
keystoreFile="d:/server.keystore"  keystorePass="changeit"
truststoreFile="d:/trustserver.keystore" truststorePass="changeit"
/>

clientAuth 设置为 true

10、javacode 
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class Client {
	/**
	 * @param args
	 * @throws Exception
	 */
	public static void main(String[] args) throws Exception {
		HttpClient httpclient = new DefaultHttpClient();
		KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
		KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
		FileInputStream keyStoreIn = new FileInputStream(new File("d:/client.keystore"));
		FileInputStream trustStoreIn = new FileInputStream(new File("d:/trust.keystore"));
		
		try {
			keyStore.load(keyStoreIn, "123456".toCharArray());
			trustStore.load(trustStoreIn, "123456".toCharArray());
		} finally {
			keyStoreIn.close();
			trustStoreIn.close();
		}
		SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "123456", trustStore);
		httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https",socketFactory, 8443));
		HttpPost httpget = new HttpPost("https://localhost:8443/SSOClient/login.html");
		System.out.println("Request:" + httpget.getRequestLine());
		HttpResponse response = httpclient.execute(httpget);
		System.out.println(response.getStatusLine());
		httpclient.getConnectionManager().shutdown();
	}
}

猜你喜欢

转载自donald3003a.iteye.com/blog/1688199
今日推荐
面壁智能发布 Eurux-8x22B 开源大模型 —— 堪称「理科状元」
开源日报 | 谷歌扶持鸿蒙上位;开源Rabbit R1;Docker加持的安卓手机;微软的焦虑和野心;海尔电器把开放平台关了
中国码农的“35岁魔咒”
蘭雅 CorelDRAW 插件 2024.5.1 国际劳动节版,免费下载
Arc Browser for Windows 1.0 正式 GA
90后程序员开发视频搬运软件、不到一年获利超 700 万,结局很刑!
周排行
【转】spring中对控制反转和依赖注入的理解
tms webcore 安装和使用
java程序员进阶相关书籍
SpringMVC接受请求参数、
如何保存训练好的机器学习模型
MyEclipse、Eclipse设置项目JDK的三个地方
商超行业微信小程序开发定制一般多少钱 (行业技术人员解读)
Markdown编辑器语言——30分钟入门到到精通
Linux系统下MongoDB的简单安装与基本操作
Power Strings
每日归档
更多
2024-05-07(14)
2024-05-06(40)
2024-05-05(0)
2024-05-04(7)
2024-05-03(19)
2024-05-02(0)
2024-05-01(4)
2024-04-30(1)
2024-04-29(40)
2024-04-28(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022