借鉴了网上同学的资料,自己实践出来的
1、生成服务器证书库
keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore d:/server.keystore -storepass 123456 -keypass 123456
2、生成客户端证书库
keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore d:/client.p12 -storepass 123456 -keypass 123456
3、从客户端证书库中导出客户端证书
keytool -export -v -alias client -keystore d:/client.p12 -storetype PKCS12 -storepass 123456 -rfc -file d:/client.cer
4、从服务器证书库中导出服务器证书
keytool -export -v -alias server -keystore d:/server.keystore -storepass 123456 -rfc -file d:/server.cer
5、生成客户端信任证书库(由服务端证书生成的证书库)
#该步骤生成的 truststore(只含服务器公钥证书)供下面 httpclient 的测试方法使用
keytool -import -v -alias server -file E:\ssl\server.cer -keystore E:\ssl\client.truststore -storepass 123456
6、将客户端证书导入到服务器证书库(使得服务器信任客户端证书)
keytool -import -v -alias client -file d:/client.cer -keystore d:/server.keystore -storepass 123456
7、查看证书库中的全部证书
keytool -list -keystore E:\ssl\server.keystore -storepass 123456
#server.keystore 是包含服务器公私钥的证书库
#在 tomcat 中配置该 keystore 文件
修改${TOMCAT_HOME}/conf/server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS" keystoreFile="conf/server.keystore" keystorePass="tangsi"
truststoreFile="conf/server.keystore" truststorePass="tangsi"/>
完成。
客户端浏览器必须导入 client.p12 与 server.cer 文件,才能与服务器建立完整的 SSL 双向认证连接
通过 httpclient 4.1.3 访问服务器
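/**
 * Performs a mutually authenticated (client-certificate) HTTPS GET against the
 * Tomcat connector configured above and prints the response body line by line.
 *
 * <p>The PKCS12 file supplies the client identity (private key + certificate);
 * the JKS truststore supplies the server certificate this client will accept.
 * The default hostname verifier of {@code SSLSocketFactory} is deliberately left
 * in place, so the server certificate must also match the host "ts.com".
 *
 * <p>All file streams, the response stream and the connection manager are
 * released in {@code finally} blocks, so a failed handshake or read does not
 * leak file handles or pooled connections.
 *
 * <p>NOTE(review): the keytool steps above create both stores with the password
 * "123456", whereas this method and the Tomcat connector use "tangsi"; the values
 * must agree or {@code KeyStore.load} fails with an {@link IOException}. Store
 * paths and passwords are hard-coded here only for the walkthrough.
 *
 * @throws IOException if a store cannot be read or the request/response fails
 * @throws CertificateException if a certificate in a store cannot be loaded
 * @throws KeyStoreException if the requested store type is unavailable
 * @throws NoSuchAlgorithmException if the store integrity algorithm is unavailable
 * @throws UnrecoverableKeyException if the client key cannot be recovered with the password
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
@Test
public void test1() throws KeyManagementException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException,
CertificateException, FileNotFoundException, IOException
{
    // Load both stores before creating the client so a bad store does not leave
    // an unused connection manager behind.
    KeyStore keystore = loadKeyStore("PKCS12", "d:/client.p12", "tangsi");
    KeyStore truststore = loadKeyStore("JKS", "d:/client.truststore", "tangsi");
    SSLSocketFactory socketFactory = new SSLSocketFactory(keystore, "tangsi", truststore);

    HttpClient client = new DefaultHttpClient();
    try
    {
        client.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 8443, socketFactory));
        HttpGet httpGet = new HttpGet("https://ts.com:8443/ttt/sss.html");
        HttpResponse httpResponse = client.execute(httpGet);
        HttpEntity httpEntity = httpResponse.getEntity();
        // A response without a body (e.g. 204/304) has no entity; nothing to print.
        if (httpEntity == null)
        {
            return;
        }
        BufferedReader reader = new BufferedReader(new InputStreamReader(httpEntity.getContent(), "UTF-8"));
        try
        {
            String line;
            while ((line = reader.readLine()) != null)
            {
                System.out.println(line);
            }
        }
        finally
        {
            // Closing the content stream also lets HttpClient release the connection.
            reader.close();
        }
    }
    finally
    {
        client.getConnectionManager().shutdown();
    }
}

/**
 * Loads a key store of the given type from {@code path}, closing the file even
 * when {@link KeyStore#load} throws.
 *
 * @param type     key store type, e.g. "PKCS12" or "JKS"
 * @param path     file system path of the store
 * @param password store password used for integrity checking
 * @return the loaded store
 * @throws IOException if the file cannot be read or the password is wrong
 * @throws KeyStoreException if {@code type} is not supported
 * @throws NoSuchAlgorithmException if the store integrity algorithm is unavailable
 * @throws CertificateException if a certificate in the store cannot be loaded
 */
private static KeyStore loadKeyStore(String type, String path, String password)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
{
    KeyStore store = KeyStore.getInstance(type);
    FileInputStream in = new FileInputStream(new File(path));
    try
    {
        store.load(in, password.toCharArray());
    }
    finally
    {
        in.close();
    }
    return store;
}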