生成服务器端密钥库和自签名证书(口令 12345678 仅为演示值;省略 -storepass/-keypass 时 keytool 会交互式提示输入,口令不会留在命令历史中):
keytool -genkey -v -alias server -keyalg RSA -keystore c:\tomcat.jks -dname "CN=server,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678 -validity 3650
导出服务器端证书(CER):
keytool -export -alias server -keystore c:\tomcat.jks -storepass 12345678 -rfc -file c:\server.cer
制作客户端证书:
keytool -genkey -v -alias client -keyalg RSA -keystore c:\client.jks -dname "CN=client,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678 -validity 3650
导出客户端证书(CER):
keytool -export -alias client -keystore c:\client.jks -storepass 12345678 -rfc -file c:\client.cer
将服务器端证书(CER)导入客户端密钥库,使客户端信任服务器:
keytool -import -noprompt -trustcacerts -alias server -file c:\server.cer -keystore c:\client.jks -storepass 12345678
将客户端证书(CER)导入服务器端密钥库,使服务器信任客户端:
keytool -import -noprompt -trustcacerts -alias client -file c:\client.cer -keystore c:\tomcat.jks -storepass 12345678
查看服务器端证书:
keytool -list -keystore c:\tomcat.jks -storepass 12345678 -v
查看客户端证书:
keytool -list -keystore c:\client.jks -storepass 12345678 -v
package com.what21.demo05;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
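/**
 * Hostname verifier for the local HTTPS demo.
 *
 * <p>JSSE calls a {@link HostnameVerifier} when the host in the URL does not match the
 * identity in the server certificate. Returning {@code true} for every host would switch
 * that check off completely, so this implementation only accepts loopback names. Any
 * other host is rejected and the connection fails.
 *
 * <p>Acceptance is decided by name alone; the certificate itself is not inspected here.
 * Certificate-chain validation is still done by the configured trust store.
 */
public class TrustAnyVerifier implements HostnameVerifier {

    /**
     * Decides whether a host whose certificate identity did not match may still be used.
     *
     * @param hostname the host the client asked for; may be {@code null}
     * @param session  the TLS session of the connection (only logged)
     * @return {@code true} only for {@code localhost}, {@code 127.0.0.1} or {@code ::1}
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Demo trace of every verification request.
        System.out.println(">>> " + hostname + " " + session);
        if (hostname == null) {
            return false;
        }
        // The bracketed IPv6 form is accepted as well, because the exact form handed to
        // the verifier is not visible from this class.
        return "localhost".equalsIgnoreCase(hostname)
                || "127.0.0.1".equals(hostname)
                || "::1".equals(hostname)
                || "[::1]".equals(hostname);
    }
}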
package com.what21.demo05;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;
import javax.net.ssl.HttpsURLConnection;
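/**
 * Demo client that opens an HTTPS connection to the local server and prints the first
 * byte of the response.
 */
public class AccessHttpsResource {

    /** Trust store used when the JVM was not started with -Djavax.net.ssl.trustStore. */
    private static final String DEMO_TRUST_STORE = "c:/client.jks";

    /** Demo-only password; supply -Djavax.net.ssl.trustStorePassword for anything else. */
    private static final String DEMO_TRUST_STORE_PASSWORD = "12345678";

    /**
     * Connects to {@code https://127.0.0.1:8443/} and prints the first byte read, or -1
     * if the response body is empty.
     *
     * @param args unused
     * @throws Exception if the connection or the read fails
     */
    public static void main(String[] args) throws Exception {
        // Client trust store: values given on the command line win over the demo values,
        // so the password does not have to live in the source.
        if (System.getProperty("javax.net.ssl.trustStore") == null) {
            System.setProperty("javax.net.ssl.trustStore", DEMO_TRUST_STORE);
        }
        if (System.getProperty("javax.net.ssl.trustStorePassword") == null) {
            System.setProperty("javax.net.ssl.trustStorePassword", DEMO_TRUST_STORE_PASSWORD);
        }
        // NOTE(review): only the trust store is configured. javax.net.ssl.keyStore is not
        // set, so this client presumably presents no client certificate; confirm against
        // the server's client-auth setting.

        String address = "https://127.0.0.1:8443/";
        URL url = new URL(address);
        URLConnection conn = url.openConnection();

        // Hostname verification policy: install the relaxed verifier on this connection
        // only, not as the JVM-wide default, so other HTTPS connections keep the
        // standard hostname check.
        if (conn instanceof HttpsURLConnection) {
            ((HttpsURLConnection) conn).setHostnameVerifier(new TrustAnyVerifier());
        }

        // try-with-resources closes the stream even if read() throws.
        try (InputStream input = conn.getInputStream()) {
            int result = input.read();
            System.out.println(result);
        }
    }
}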