tomcat ssh
生成服务器证书:keytool -genkey -v -alias server -keyalg RSA -keystore c:\tomcat.jks -dname "CN=server,OU=nice,O=nice,L=BJ,ST=BJ,C=CN"
-storepass 12345678 -keypass 12345678-validity 3650
注意:标红的为你得域名,如果是本地则为localhost不然,回报****不匹配的异常,请谨记
--------------------------------------------------------------------------------------------------------------------------------------------------
为客户端生成证书:
keytool -genkey -v -alias mykey -keyalg RSA -storetype PKCS12 -keystore c:\mykey.p12-dname
"CN=mykey,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678-validity 3650
--------------------------------------------------------------------------------------------------------------------------------------------------
让服务器端信任客户端证书:
keytool -export -alias mykey -keystore c:\mykey.p12 -storetype PKCS12 -storepass 12345678 -rfc -file c:\mykey.cer
keytool -import -v -file c:\mykey.cer -keystore c:\tomcat.jks -storepass 12345678
--------------------------------------------------------------------------------------------------------------------------------------------------
查看证书:
keytool -list -keystore c:\tomcat.jks -storepass 12345678 -v
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat5配置SSL单向认证:
server.xml配置
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="$./jks/tomcat.jks" keystorePass="12345678"
/>
--------------------------------------------------------------------------------------------------------------------------------------------------
强制跳转SSL:
web.xml增加配置
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat6.0配置SSL单向认证:
server.xml配置
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="./jks/tomcat.jks" keystorePass="12345678"
/>
--------------------------------------------------------------------------------------------------------------------------------------------------
强制跳转SSL:
web.xml增加配置
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
--------------------------------------------------------------------------------------------------------------------------------------------------
Tomcat6.0配置SSL双向认证:
server.xml配置
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector className="org.apache.coyote.tomcat6.CoyoteConnector"
port="8443" protocol="HTTP/1.1"acceptCount="100"
maxThreads="150"enableLookups="true"
minProcessors="5"maxProcessors="75"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="./jks/server.jks" keystorePass="12345678"
truststoreFile="./jks/server.jks" truststorePass="12345678"
/>
Link:http://blog.csdn.net/caizhh2009/article/details/7063820
页:
[1]