Secure transport for web services
1. First, use the JDK keytool utility to generate the keys and truststores for the client and the server:
The contents of gen-cer-store.bat are as follows:
set SERVER_DN="CN=Server, OU=ec, O=ec, L=BEIJINGC, S=BEIJING, C=CN"
set CLIENT_DN="CN=Client, OU=ec, O=ec, L=BEIJING, S=BEIJING, C=CN"
set KS_PASS=-storepass changeit
set KEYINFO=-keyalg RSA
keytool -genkey -alias Server -dname %SERVER_DN% %KS_PASS% -keystore server.keystore %KEYINFO% -keypass changeit
keytool -export -alias Server -file test_axis.cer %KS_PASS% -keystore server.keystore
keytool -import -file test_axis.cer %KS_PASS% -keystore client.truststore -alias serverkey -noprompt
keytool -genkey -alias Client -dname %CLIENT_DN% %KS_PASS% -keystore client.keystore %KEYINFO% -keypass changeit
keytool -export -alias Client -file test_axis.cer %KS_PASS% -keystore client.keystore
keytool -import -file test_axis.cer %KS_PASS% -keystore server.truststore -alias clientkey -noprompt
Good, we now have four files: server.keystore, server.truststore, client.keystore, client.truststore.
2. Put server.keystore and server.truststore in the Tomcat directory on the server and configure Tomcat's server.xml:
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" keystoreFile="E:\Tomcat5.5\server.keystore" keystorePass="changeit"
truststoreFile="E:\Tomcat5.5\server.truststore" truststorePass="changeit"
sslProtocol="TLS" />
The configuration above is problematic; it should be configured as follows:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\server.keystore" keystorePass="changeit"
truststoreFile="C:\Program Files\Apache Software Foundation\Tomcat 6.0\server.truststore" truststorePass="changeit" />
3. On the client, change the former http://10.7.7.32:8080/ebiz/services/AuthService to
https://10.7.7.32:8443/ebiz/services/AuthService
4. Put client.keystore and client.truststore in the same directory as the client class files and run the following command:
java -cp %AXISCLASSPATH% ^
  -Djavax.net.ssl.keyStore=client.keystore ^
  -Djavax.net.ssl.keyStorePassword=changeit ^
  -Djavax.net.ssl.trustStore=client.truststore ^
  TestClient
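The following is an added example, not code from the original post: a small Java check that loads the stores from step 1 and reports whether the client certificate is actually sent during the handshake. With clientAuth="false" in the Connector, Tomcat does not request one, so client.keystore goes unused. The class name MutualTlsCheck is hypothetical; the file names, password, host and port are the ones used in steps 1 to 4.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example; MutualTlsCheck is a hypothetical name.
// Stores, password, host and port are taken from steps 1 to 4 of this page.
public class MutualTlsCheck {
    static KeyStore load(String file, char[] pass) throws Exception {
        // Same store type the javax.net.ssl.* system properties use by default.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray();

        // Client identity: the key pair generated under alias "Client".
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client.keystore", pass), pass);

        // Trust anchors: only the server certificate imported as "serverkey".
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("client.truststore", pass));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // A raw SSLSocket does no host name check by default; trust rests on
        // client.truststore containing only the server's certificate.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("10.7.7.32", 8443)) {
            s.startHandshake(); // fails if the server certificate is not in client.truststore
            SSLSession sess = s.getSession();
            X509Certificate peer = (X509Certificate) sess.getPeerCertificates()[0];
            System.out.println("Server presented: " + peer.getSubjectX500Principal());

            // getLocalCertificates() is null when no client certificate was sent.
            Certificate[] sent = sess.getLocalCertificates();
            System.out.println(sent == null
                ? "No client certificate sent: the server did not request one"
                : "Client certificate sent: " + ((X509Certificate) sent[0]).getSubjectX500Principal());
        }
    }
}
```

Run it from the directory that holds client.keystore and client.truststore.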
This article comes from the **** blog; please credit the source when reposting: http://blog.****.net/insiderys/archive/2005/11/19/532864.aspx