Configuring mutual (two-way) HTTPS authentication in Tomcat, with a client-side calling example


1: Generate the server-side keystore and truststore files

(1) Generate, in JKS format, the server keystore containing the server's public key and private key (alias "server", so that step (2) can export it)

keytool -genkey -alias server -keystore serverKeystore.jks -keypass qdssfw -storepass qdssfw -keyalg RSA -keysize 2048 -validity 3650 -v -dname "CN=qdssfw,O=WZH,DC=WZH,DC=WZH,OU=WZH"

Note: the CN value must match the host name that the SSL client uses to connect to the SSL server; otherwise the client's hostname verification will reject the server certificate.

(2) Export the server certificate with alias "server" from the keystore

keytool -export -alias server -keystore serverKeystore.jks -storepass qdssfw -file server.cer

(3) Import server.cer into the client's trust store clientTruststore.jks

keytool -import -alias trustServer -file server.cer -keystore clientTruststore.jks -storepass qdssfw

2: Generate the client-side keystore and truststore files

(1) Generate, in JKS format, the client keystore containing the client's public key and private key

keytool -genkey -alias client -keystore clientKeystore.jks -keypass qdssfw -storepass qdssfw -keyalg RSA -keysize 2048 -validity 3650 -v -dname "CN=qdssfw,O=WZH,DC=WZH,DC=WZH,OU=WZH"

(2) Export the client certificate with alias "client" from the keystore.

keytool -export -alias client -keystore clientKeystore.jks -storepass qdssfw -file client.cer

(3) Import client.cer into the server's trust store serverTruststore.jks

keytool -import -alias trustClient -file client.cer -keystore serverTruststore.jks -storepass qdssfw

3: Resulting certificate files

Server side: serverKeystore.jks, serverTruststore.jks

Client side: clientKeystore.jks, clientTruststore.jks

4: Testing

(1) Configure mutual HTTPS authentication on the Tomcat server

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="keystore/serverKeystore.jks" keystorePass="qdssfw"
           truststoreFile="keystore/serverTruststore.jks" truststorePass="qdssfw"/>

With clientAuth="true", Tomcat rejects the TLS handshake of any client that does not present a certificate chaining to an entry in serverTruststore.jks.

(2) Accessing the server from a Java client (Apache HttpClient 4.0/4.1 API; imports and the readResponseBody helper that the original listing called have been filled in)

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class MutualTlsClient {

    public static void main(String[] args) throws Exception {
        DefaultHttpClient httpclient = new DefaultHttpClient();

        // Client keystore (its own key + certificate) and truststore (the server certificate).
        // The files were created as JKS above, so ask for that type explicitly.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        KeyStore trustStore = KeyStore.getInstance("JKS");

        FileInputStream keyStoreIn = new FileInputStream(new File("C:\\ca2\\clientKeystore.jks"));
        FileInputStream trustStoreIn = new FileInputStream(new File("C:\\ca2\\clientTruststore.jks"));

        try {
            keyStore.load(keyStoreIn, "qdssfw".toCharArray());
            trustStore.load(trustStoreIn, "qdssfw".toCharArray());
        } finally {
            keyStoreIn.close();
            trustStoreIn.close();
        }

        // The password argument unlocks the client's private key for the TLS handshake.
        SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "qdssfw", trustStore);
        Scheme sch = new Scheme("https", socketFactory, 8443);
        httpclient.getConnectionManager().getSchemeRegistry().register(sch);

        // Host name must match the CN of the server certificate (see the hosts-file note below).
        HttpGet httpget = new HttpGet("https://qdssfw:8443/test02/TestServlet");
        System.out.println("Request:" + httpget.getRequestLine());

        HttpResponse response = httpclient.execute(httpget);
        HttpEntity entity = response.getEntity();
        System.out.println(response.getStatusLine());

        if (entity != null) {
            System.out.println("Response content length: " + entity.getContentLength());
            System.out.println(readResponseBody(entity.getContent()));
            entity.consumeContent();
        }

        httpclient.getConnectionManager().shutdown();
    }

    // Read the whole response body as UTF-8 text.
    private static String readResponseBody(InputStream in) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(in, "UTF-8"));
        StringBuilder sb = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            sb.append(line).append('\n');
        }
        return sb.toString();
    }
}

Note: add the line "127.0.0.1 qdssfw" to the hosts file so that the host name in the URL resolves to the local Tomcat instance.
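The connector above only checks that the client's certificate chains to serverTruststore.jks; which client connected is still up to the application. As an added example (not code from the original post), here is a hypothetical TestServlet for the /test02/TestServlet URL that reads the verified client chain from the standard request attribute and checks the subject CN. It assumes the javax.servlet API (Tomcat 8/9) and that the client certificate carries the CN=qdssfw used in the keytool commands above.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.security.cert.X509Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet for /test02/TestServlet (added example, not from the original post).
public class TestServlet extends HttpServlet {
    // Tomcat stores the verified client certificate chain under this attribute
    // when the connector has clientAuth="true".
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
    // Assumption: the client keystore was generated with the dname "CN=qdssfw,..." above.
    private static final String EXPECTED_CN = "qdssfw";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        X509Certificate[] chain = (X509Certificate[]) req.getAttribute(CERT_ATTR);
        if (chain == null || chain.length == 0) {
            // Plain HTTP, or a connector that does not require client certificates.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "client certificate required");
            return;
        }
        X509Certificate leaf = chain[0]; // chain[0] is the client's own certificate
        String cn = extractCn(leaf.getSubjectX500Principal().getName());
        if (!EXPECTED_CN.equals(cn)) {
            // Trusted by the connector, but not the identity this application expects.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "unexpected client identity: " + cn);
            return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("Hello " + cn);
        out.println("serial=" + leaf.getSerialNumber().toString(16));
        out.println("notAfter=" + leaf.getNotAfter());
    }

    // Extract the CN attribute from an RFC 2253 DN such as "CN=qdssfw,O=WZH,...".
    // Simple comma split: sufficient for the DNs generated in this walkthrough,
    // which contain no escaped commas.
    static String extractCn(String dn) {
        for (String rdn : dn.split(",")) {
            String t = rdn.trim();
            if (t.regionMatches(true, 0, "CN=", 0, 3)) {
                return t.substring(3);
            }
        }
        return null;
    }
}
```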


© 2018-2025 CODEPRJ.COM