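**Tomcat: after enabling one-way TLS authentication on the local machine, WebSocket wss long-lived connections to a project on the same machine or on another machine fail with an error**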
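P.S.: The long-lived connection works when using localhost, but fails when accessed by IP.

There are two solutions.

Method 1: Use the same certificate for both projects

Once both projects use the same certificate, modify the existing Tomcat server.xml settings to match, then restart Tomcat and the problem is resolved.

Method 2: Use nginx

First, download nginx, open conf/nginx.conf, and add the following inside the http braces: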
```
server {
    server_name 域名;                     # 域名 = your domain name
    listen 8008 ssl;                      # replaces the deprecated "ssl on;" directive
    ssl_certificate xxxx/server.pem;
    ssl_certificate_key xxxx/server.key;
}
```
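Note: xxxx is the directory where the files are located.

However, Tomcat generates a keystore file, so we need to convert it into .pem and .key files.

① In the directory that holds the keystore, generate the key pair: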
```
keytool -genkey -alias tomcat-server -keyalg RSA -keypass xxxxxxx -storepass xxxxxxx -keystore server.keystore
```
② Export the server certificate to a certificate file:
```
keytool -export -alias tomcat-server -storepass xxxxxxx -file server.cer -keystore server.keystore
```
③ Convert server.cer to pfx. This cannot be generated directly with a command, so we generate it with a utility class:
```java
package com.south.common.util;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class CoverToPfx {
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    public static final String PFX_KEYSTORE_FILE = "XXX/server.pfx"; // path of the exported pfx
    public static final String KEYSTORE_PASSWORD = "123456"; // password used when the certificate was generated
    public static final String JKS_KEYSTORE_FILE = "XXX/.keystore"; // path of the keystore file to import

    // Copies every key entry (private key + certificate chain) from one keystore
    // file into a new keystore of another type, protected by the same password.
    private static void convert(String srcType, String srcFile, String dstType, String dstFile) {
        try {
            char[] nPassword = null;
            if (KEYSTORE_PASSWORD != null && !KEYSTORE_PASSWORD.trim().equals("")) {
                nPassword = KEYSTORE_PASSWORD.toCharArray();
            }
            KeyStore inputKeyStore = KeyStore.getInstance(srcType);
            // try-with-resources closes the stream even if load() throws
            try (FileInputStream fis = new FileInputStream(srcFile)) {
                inputKeyStore.load(fis, nPassword);
            }
            KeyStore outputKeyStore = KeyStore.getInstance(dstType);
            outputKeyStore.load(null, nPassword); // start from an empty keystore
            Enumeration<String> enums = inputKeyStore.aliases();
            while (enums.hasMoreElements()) { // we are reading just one certificate
                String keyAlias = enums.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, nPassword);
                    Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry(keyAlias, key, nPassword, certChain);
                }
            }
            try (FileOutputStream out = new FileOutputStream(dstFile)) {
                outputKeyStore.store(out, nPassword);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // pfx (PKCS12) -> JKS keystore
    public static void coverTokeyStore() {
        convert(PKCS12, PFX_KEYSTORE_FILE, JKS, JKS_KEYSTORE_FILE);
    }

    // JKS keystore -> pfx (PKCS12)
    public static void coverToPfx() {
        convert(JKS, JKS_KEYSTORE_FILE, PKCS12, PFX_KEYSTORE_FILE);
    }

    public static void main(String[] args) {
        coverToPfx();
    }
}
```
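After running it, the pfx file is generated. Put the file path into the nginx configuration and restart Tomcat.

At this point the wss connection succeeds.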
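
The nginx `ssl_certificate` and `ssl_certificate_key` directives read PEM files, while the utility class above stops at a pfx. The following is an added example, not part of the original post, that writes `server.pem` and `server.key` directly from the keystore. The class name `KeystoreToPem`, its command-line arguments, Java 9+, a POSIX file system, and a key password equal to the store password are assumptions.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Base64;

// Added example (not the post's code): export nginx-ready PEM files from the keystore.
// Assumptions: Java 9+, a POSIX file system, and key password == store password.
public class KeystoreToPem {
    // PEM = base64 of the DER bytes in 64-character lines between BEGIN/END markers.
    static String pem(String label, byte[] der) {
        byte[] nl = "\n".getBytes(StandardCharsets.US_ASCII);
        return "-----BEGIN " + label + "-----\n"
                + Base64.getMimeEncoder(64, nl).encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3 || System.console() == null) {
            System.err.println("usage: java KeystoreToPem <keystore> <alias> <outDir>  (run from a terminal)");
            System.exit(2);
        }
        // Prompt for the password instead of hard-coding it in source.
        char[] pass = System.console().readPassword("Keystore password: ");
        // Detects JKS or PKCS12 itself, so server.keystore and server.pfx both work.
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pass);
        Key key = ks.getKey(args[1], pass);
        if (!(key instanceof PrivateKey) || !"PKCS#8".equals(key.getFormat())) {
            throw new IllegalStateException("alias has no exportable PKCS#8 private key: " + args[1]);
        }
        // Leaf certificate first, then any issuers: the order nginx expects in ssl_certificate.
        StringBuilder certs = new StringBuilder();
        for (Certificate c : ks.getCertificateChain(args[1])) {
            certs.append(pem("CERTIFICATE", c.getEncoded()));
        }
        Path outDir = Paths.get(args[2]);
        Files.write(outDir.resolve("server.pem"), certs.toString().getBytes(StandardCharsets.US_ASCII));
        // Create the key file owner-only (0600) before any key bytes are written to it.
        Path keyFile = outDir.resolve("server.key");
        Files.deleteIfExists(keyFile);
        Files.createFile(keyFile, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        Files.write(keyFile, pem("PRIVATE KEY", key.getEncoded()).getBytes(StandardCharsets.US_ASCII));
        System.out.println("wrote server.pem and server.key to " + outDir.toAbsolutePath());
    }
}
```

The private key is written unencrypted, which is what nginx needs to start unattended, so the owner-only file mode is the only protection on `server.key`.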