1.首先用jdk自带的工具keytool生成一个证书keystore
C:\Documents and Settings\Administrator>keytool -genkey -alias sxta -keyalg RSA -keystore D:\sxta.keystore Enter keystore password: sxta Keystore password is too short - must be at least 6 characters Enter keystore password: sxtaweb What is your first and last name? [Unknown]: ** What is the name of your organizational unit? [Unknown]: 山西**科技有限公司 What is the name of your organization? [Unknown]: 山西**科技有限公司 What is the name of your City or Locality? [Unknown]: 太原 What is the name of your State or Province? [Unknown]: 山西 What is the two-letter country code for this unit? [Unknown]: cn Is <CN=, OU=q?npW?q?? Pl?, O=q?npW?q?? Pl?, L=*?, ST=q, C=cn> correct? [no]: y Enter key password for <sxta> (RETURN if same as keystore password): C:\Documents and Settings\Administrator>
2.http://java.sun.com/products/archive/jsse/ 去下载jsse,下载下来后是一个zip包,把里边lib目录下的jar包jcert.jar, jnet.jar, jsse.jar拷贝到$JAVA_HOME/jre/lib/ext
3.修改tomcat目录下的server.xml文件,增加
<Connector port="8443" protocol="HTTP/1.1" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="d:/credit.keystore" keystorePass="creditworld" clientAuth="false" sslProtocol="TLS"/>
其中keystorePass的值为生成keystore时输入的密码,keystoreFile的值为证书存放的路径.
4.web.xml 增加
<security-constraint>
<web-resource-collection>
<web-resource-name>sslapp</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>