Tomcat SSL client-verification configuration
1. Key configuration:
Windows:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA
Unix:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Note: when generating the keystore, answer the prompt "What is your first and last name?" with the site's domain name; otherwise HttpClient cannot connect, because its hostname verification compares the host in the URL against the certificate's CN.
2. Edit the server.xml configuration file:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector acceptCount="100" clientAuth="false" disableUploadTimeout="true"
           enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75"
           maxThreads="150" minSpareThreads="25" debug="1" port="8443" scheme="https"
           secure="true" sslProtocol="TLS"
           keystoreFile="d:\.keystore" keystorePass="123456" keystoreType="JKS"/>
The essential attributes are the keystore file location, its password and the store type:
keystoreFile="d:\.keystore" keystorePass="123456" keystoreType="JKS"
Note that with clientAuth="false" Tomcat serves HTTPS but does not request a certificate from the client; set clientAuth="true" to require one.
For access from a web browser, the above is sufficient.
3. For access from HttpClient (or HttpsURLConnection), implement it as follows:
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class XmlChannel {
    static HttpsURLConnection openHttpsConnection(String httpsUrl) throws Exception {
        URL url = new URL(httpsUrl);
        // Optional: go through an HTTP proxy instead of connecting directly
        // Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("192.168.3.200", 808));
        // and then call url.openConnection(proxy) below

        // Load the keystore generated with keytool (placed on the classpath) using its password
        InputStream fis = XmlChannel.class.getResourceAsStream("/.keystore");
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(fis, "123456".toCharArray());

        // KeyManager: presents this client's own certificate and key if the server requests one
        KeyManagerFactory keyManager = KeyManagerFactory.getInstance("SunX509");
        keyManager.init(keyStore, "123456".toCharArray());

        // TrustManager: decides which server certificates to accept; here the same keystore,
        // which already holds the server's self-signed certificate, doubles as the truststore
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
        trustManagerFactory.init(keyStore);
        // Alternative: initialise the TrustManagerFactory from a separate truststore instead
        // KeyStore ts = KeyStore.getInstance("JKS");
        // ts.load(XmlChannel.class.getResourceAsStream("/.keystore"), "123456".toCharArray());
        // trustManagerFactory.init(ts);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        // Build the SSLContext ("TLS" matches the connector's sslProtocol) and hand its socket factory to the connection
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManager.getKeyManagers(), trustManagers, null);
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(sslSocketFactory);
        return conn;
    }
}
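The following is an added example, not code from the original post: it keeps the client key and the trust anchors in two separate stores and, after the handshake, checks whether Tomcat actually requested and received the client certificate, which only happens once the connector has clientAuth="true". The file names, passwords and class name are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsCheck {
    // Hypothetical paths/passwords: the client's own keystore, and a truststore holding only the Tomcat server certificate
    static final String CLIENT_KEYSTORE = "client.jks";
    static final String TRUSTSTORE = "truststore.jks";
    static final char[] PASSWORD = "changeit".toCharArray();

    static KeyStore load(String path, char[] password) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);
            return ks;
        }
    }
    static SSLContext clientContext() throws Exception {
        // KeyManager from the client keystore, TrustManager from the separate truststore
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(CLIENT_KEYSTORE, PASSWORD), PASSWORD);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(TRUSTSTORE, PASSWORD));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    // True only if the server asked for, and we sent, a client certificate chain
    static boolean clientWasAuthenticated(HttpsURLConnection conn) throws Exception {
        conn.connect(); // default hostname verification against the server cert runs here
        X509Certificate server = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("server cert subject: " + server.getSubjectX500Principal());
        Certificate[] sent = conn.getLocalCertificates(); // null while clientAuth="false"
        return sent != null && sent.length > 0;
    }
    public static void main(String[] args) throws Exception {
        URL url = new URL(args.length > 0 ? args[0] : "https://localhost:8443/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(clientContext().getSocketFactory());
        System.out.println("client certificate sent: " + clientWasAuthenticated(conn));
    }
}
```

If the program prints false against a connector that is meant to verify clients, the connector is still running with clientAuth="false" or the client keystore holds no usable key entry.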
For more detail, refer to the Tomcat documentation.