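What I want to do is switch the web service from HTTP to HTTPS.
1. Two kinds of certificates need to be generated: server side and client side. [The JDK must be installed before generating them.]
The contents of the .bat file that generates the certificates: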
set SERVER_DN="CN=Server, OU=xmkj, O=xmkj, L=beijing, S=beijing, C=CN"
set CLIENT_DN="CN=Client, OU=xmkj, O=xmkj, L=beijing, S=beijing, C=CN"
set KS_PASS=-storepass xmkjbgs
set KEYINFO=-keyalg RSA
keytool -genkey -alias Server -dname %SERVER_DN% %KS_PASS% -keystore server.keystore %KEYINFO% -keypass xmkjbgs
keytool -export -alias Server -file test_axis.cer %KS_PASS% -keystore server.keystore
keytool -import -file test_axis.cer %KS_PASS% -keystore client.truststore -alias serverkey -noprompt
keytool -genkey -alias Client -dname %CLIENT_DN% %KS_PASS% -keystore client.keystore %KEYINFO% -keypass xmkjbgs
keytool -export -alias Client -file test_axis.cer %KS_PASS% -keystore client.keystore
keytool -import -file test_axis.cer %KS_PASS% -keystore server.truststore -alias clientkey -noprompt
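Running it produces these files: client.keystore, client.truststore, server.keystore, server.truststore.
2. Configure Tomcat to support HTTPS:
Edit server.xml in the conf folder under the Tomcat directory.
Uncomment the commented-out block that begins with <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" and change it to: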
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" keystoreFile="D:/SSL/server.keystore" keystorePass="xmkjbgs" truststoreFile="D:/SSL/server.truststore" truststorePass="xmkjbgs" sslProtocol="TLS"/>
Then restart Tomcat and it's done.
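
To confirm the result from the client side, here is an added example (not part of the original post) that loads client.truststore and client.keystore and performs a TLS handshake against the connector on port 8443. The class name TlsCheck, the localhost target and the D:/SSL location of the client files are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class TlsCheck {
    // Load a store written by keytool of the same JDK (its default store type).
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumptions: client files are in D:/SSL and Tomcat listens on localhost:8443.
        char[] pass = "xmkjbgs".toCharArray();
        String dir = args.length > 0 ? args[0] : "D:/SSL";
        String host = args.length > 1 ? args[1] : "localhost";

        // Trust only the exported server certificate (alias serverkey).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(dir + "/client.truststore", pass));

        // Client key pair (alias Client); presented only if the server asks for a certificate.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(dir + "/client.keystore", pass), pass);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, 8443)) {
            // Fails with SSLHandshakeException if the server certificate is not in client.truststore.
            s.startHandshake();
            X509Certificate cert = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("Protocol: " + s.getSession().getProtocol());
            System.out.println("Cipher:   " + s.getSession().getCipherSuite());
            System.out.println("Server:   " + cert.getSubjectX500Principal().getName());
            System.out.println("Expires:  " + cert.getNotAfter());
        }
    }
}
```

A raw SSLSocket validates the certificate against the trust store but does not compare the host name. An HTTPS client such as HttpsURLConnection also checks the host name, which CN=Server will not match unless clients reach Tomcat under the name Server, so the server certificate should carry the host name the clients actually use.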