配置tomcat6.0的HTTPS

利用JDK自带的产生证书的工具 生成证书

建立一个脚本文件，内容如下：

set SERVER_DN="CN=Server, OU=share, O=share, L=sz, S=gd, C=CN"
set CLIENT_DN="CN=Client, OU=share, O=share, L=sz, S=gd, C=CN"
set KS_PASS=-storepass changeit
set KEYINFO=-keyalg RSA

keytool -genkey -alias Server -dname %SERVER_DN% %KS_PASS% -keystore server.keystore %KEYINFO% -keypass changeit
keytool -export -alias Server -file test.cer %KS_PASS% -keystore server.keystore
keytool -import -file test.cer %KS_PASS% -keystore client.truststore -alias serverkey -noprompt

keytool -genkey -alias Client -dname %CLIENT_DN% %KS_PASS% -keystore client.keystore %KEYINFO% -keypass changeit
keytool -export -alias Client -file test.cer %KS_PASS% -keystore client.keystore
keytool -import -file test.cer %KS_PASS% -keystore server.truststore -alias clientkey -noprompt
pause

运行后生成下面的文件

server.keystore

server.truststore

client.truststore

client.keystore

test.cer

然后配置tomcat

打开server.xml

添加

<Connector port="8443" className="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true" clientAuth="false"
keystoreFile="c:\server.keystore" keystorePass="changeit"
truststoreFile="c:\server.truststore" truststorePass="changeit"

sslProtocol="TLS" />
这样就可以通过 https://....:8443 访问了

如果要通过程序代码访问https的WebService 那么需要添加JVM参数

-Djavax.net.ssl.keyStore=C:\client\client.keystore
-Djavax.net.ssl.keyStorePassword=changeit
-Djavax.net.ssl.trustStore=C:\client\client.truststore