文章来源:http://blog.csdn.net/shiwenqing/article/details/7768939
1.首先使用java 自带的keytools生成我们所需要的密钥证书。
为了方便起见这里使用bat文件生成,关于keytools的具体使用大家可查看相关文档
- set SERVER_DN="CN=127.0.0.1, OU=SPH, O=SPH, L=sh, S=sh, C=CN"
- set CLIENT_DN="CN=Client, OU=SPH, O=SPH, L=sh, S=sh, C=CN"
- set PASS_SET= hpadmin
- keytool -genkey -v -alias server -keyalg RSA -keystore D:/SSL/server/server.keystore -dname %SERVER_DN% -validity 3650 -storepass %PASS_SET% -keypass %PASS_SET%
- keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore D:/SSL/client/client.p12 -dname %CLIENT_DN% -validity 3650 -storepass client -keypass client
- keytool -export -alias client -keystore D:/SSL/client/client.p12 -storetype PKCS12 -storepass client -rfc -file D:/SSL/client/client.cer
- keytool -import -alias client -v -file D:/SSL/client/client.cer -keystore D:/SSL/server/server.keystore -storepass %PASS_SET%
- keytool -export -alias server -keystore D:/SSL/server/server.keystore -storepass %PASS_SET% -rfc -file D:/SSL/server/server.cer
- keytool -import -file D:/SSL/server/server.cer -storepass %PASS_SET% -keystore D:/SSL/client/client.truststore -alias server -noprompt
- pause
注意:SERVER_DN 中的 CN一定要是发布服务器的IP地址或者是文件名!这里使用本机测试故设置为127.0.0.1
2.密钥以及证书生成之后进行tomcat的配置
进入并打开%TOMCAT_HOME%/conf/server.xml
添加如下配置
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
- maxThreads="150" scheme="https" secure="true"
- clientAuth="true " sslProtocol="TLS"
- keystoreFile="D:/SSL/server/server.keystore" keystorePass="hpadmin"
- truststoreFile="D:/SSL/server/server.keystore" truststorePass="hpadmin"
- />
3.如果有需求对所有的请求都使用https访问的话,需要对tomcat 下的web.xml 添加以下代码:
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>SSL</web-resource-name>
- <url-pattern>/*</url-pattern>
- </web-resource-collection>
- <user-data-constraint>
- <transport-guarantee>CONFIDENTIAL</transport-guarantee>
- </user-data-constraint>
- </security-constraint>
注意:<url-pattern>根据自己的的需求进行修改
4.对Axis2进行配置
修改发布的axis2.xml,添加以下代码:
- <transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
- <parameter name="port">8443</parameter>
- </transportReceiver>
- <transportSender name="https"
- class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
- <parameter name="PROTOCOL">HTTP/1.1</parameter>
- <parameter name="Transfer-Encoding">chunked</parameter>
- </transportSender>
ok,到此我们配置完毕,非常简单的操作。