tomcat ssh

生成服务器证书:
keytool -genkey -v -alias server -keyalg RSA -keystore c:\tomcat.jks -dname "CN=server,OU=nice,O=nice,L=BJ,ST=BJ,C=CN"
-storepass 12345678 -keypass 12345678  -validity 3650
注意:标红的为你得域名,如果是本地则为localhost不然,回报****不匹配的异常,请谨记
--------------------------------------------------------------------------------------------------------------------------------------------------

为客户端生成证书:
keytool -genkey -v -alias mykey -keyalg RSA -storetype PKCS12 -keystore c:\mykey.p12  -dname
"CN=mykey,OU=nice,O=nice,L=BJ,ST=BJ,C=CN" -storepass 12345678 -keypass 12345678  -validity 3650

--------------------------------------------------------------------------------------------------------------------------------------------------

让服务器端信任客户端证书:
keytool -export -alias mykey -keystore c:\mykey.p12 -storetype PKCS12 -storepass 12345678 -rfc -file c:\mykey.cer
keytool -import -v -file c:\mykey.cer -keystore c:\tomcat.jks -storepass 12345678

--------------------------------------------------------------------------------------------------------------------------------------------------

查看证书:
keytool -list -keystore c:\tomcat.jks -storepass 12345678 -v

--------------------------------------------------------------------------------------------------------------------------------------------------

Tomcat5配置SSL单向认证:
server.xml配置

    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol"
               port="8443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="$./jks/tomcat.jks" keystorePass="12345678"
               />

--------------------------------------------------------------------------------------------------------------------------------------------------

强制跳转SSL:
web.xml增加配置

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

--------------------------------------------------------------------------------------------------------------------------------------------------

Tomcat6.0配置SSL单向认证:
server.xml配置

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="./jks/tomcat.jks" keystorePass="12345678" 
             />

--------------------------------------------------------------------------------------------------------------------------------------------------

强制跳转SSL:
web.xml增加配置

    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

--------------------------------------------------------------------------------------------------------------------------------------------------

Tomcat6.0配置SSL双向认证:
server.xml配置

    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />


    <Connector className="org.apache.coyote.tomcat6.CoyoteConnector"
           port="8443" protocol="HTTP/1.1"  acceptCount="100"
           maxThreads="150"  enableLookups="true"
           minProcessors="5"  maxProcessors="75"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="./jks/server.jks" keystorePass="12345678"
           truststoreFile="./jks/server.jks" truststorePass="12345678"
         />
Link:http://blog.csdn.net/caizhh2009/article/details/7063820

你可能感兴趣的:(tomcat)