67,513
社区成员
发帖
与我相关
我的任务
分享Tomcat6配置使用SSL双向认证问题?
在tomcat配置文件server.xml中我配置成:
<Connector secure="true" scheme="https" protocol="HTTP/1.1" port="8443" SSLEnabled="true" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" sslProtocol="TLS" clientAuth="true" keystoreFile="C:\server_keystore" keystorePass="changeit"/>
就可以,但是如果加上truststoreFile="C:\server_truststore" truststorePass="changeit"就不行(ie弹出的选择证书选择框中没有证书),也就是说配制成
<Connector secure="true" scheme="https" protocol="HTTP/1.1" port="8443" SSLEnabled="true" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" sslProtocol="TLS" clientAuth="true" keystoreFile="C:\server_keystore" keystorePass="changeit" truststoreFile="C:\server_truststore" truststorePass="changeit"/>
,为什么?请指教?谢谢。
<Connector secure="true" scheme="https" protocol="HTTP/1.1" port="8443" SSLEnabled="true" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" sslProtocol="TLS" clientAuth="true" keystoreFile="C:\server_keystore" keystorePass="changeit"/>
就可以,但是如果加上truststoreFile="C:\server_truststore" truststorePass="changeit"就不行(ie弹出的选择证书选择框中没有证书),也就是说配制成
<Connector secure="true" scheme="https" protocol="HTTP/1.1" port="8443" SSLEnabled="true" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" sslProtocol="TLS" clientAuth="true" keystoreFile="C:\server_keystore" keystorePass="changeit" truststoreFile="C:\server_truststore" truststorePass="changeit"/>
,为什么?请指教?谢谢。
...全文
请发表友善的回复…
发表回复
叶涛网站推广优化 2008-07-03
- 打赏
- 举报
<Connector secure="true" scheme="https" protocol="HTTP/1.1" port="8443" SSLEnabled="true" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" sslProtocol="TLS" clientAuth="true" keystoreFile="C:\server_keystore"
查参数属性
查参数属性
M_song 2008-07-03
- 打赏
- 举报
truststorefile="d:/path/bin/x509/root.jks"
采用这样的路径试试,另外truststorefile和keystoreFile最好都设置到文件而不是目录!
采用这样的路径试试,另外truststorefile和keystoreFile最好都设置到文件而不是目录!
luoxiang2000 2008-07-03
- 打赏
- 举报
to _song:我的就是文件,不过没有后缀而已。
to yetaodiao:你什么意思,能否说详细点?不明白
to yetaodiao:你什么意思,能否说详细点?不明白
luoxiang2000 2008-07-02
- 打赏
- 举报
我生成文件的命令如下:
openssl genrsa -out ca-key.pem 1024
openssl req -new -out ca-req.csr -key ca-key.pem
openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey ca-key.pem -days 365
keytool -genkey -dname "cn=192.168.0.1, ou=GM, o=KD, l=CZ, st=GD, c=CN" -storepass changeit -keystore server_keystore -keyalg RSA -keypass changeit
keytool -certreq -sigalg MD5withRSA -file server.csr -keypass changeit -keystore server_keystore -storepass changeit
openssl x509 -req -in server.csr -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -days 365
keytool -import -v -trustcacerts -storepass changeit -file ca-cert.pem -keystore %JAVA_HOME%\jre\lib\security\cacerts
keytool -export -file ca-cert.pem -storepass changeit -keystore server_keystore
keytool -import -file ca-cert.pem -storepass changeit -keystore client_truststore -noprompt
keytool -genkey -dname "cn=192.168.0.1, ou=GM, o=KD, l=CZ, st=GD, c=CN" -storepass changeit -keystore client_keystore -keyalg RSA -keypass changeit
keytool -export -file ca-cert.pem -storepass changeit -keystore client_keystore
keytool -import -file ca-cert.pem -storepass changeit -keystore server_truststore -noprompt
openssl genrsa -out client-key.pem 1024
openssl req -new -out client-req.csr -key client-key.pem
openssl x509 -req -in client-req.csr -out client.crt -signkey client-key.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365
openssl pkcs12 -export -clcerts -in client.crt -inkey client-key.pem -out client.p12
openssl genrsa -out ca-key.pem 1024
openssl req -new -out ca-req.csr -key ca-key.pem
openssl x509 -req -in ca-req.csr -out ca-cert.pem -signkey ca-key.pem -days 365
keytool -genkey -dname "cn=192.168.0.1, ou=GM, o=KD, l=CZ, st=GD, c=CN" -storepass changeit -keystore server_keystore -keyalg RSA -keypass changeit
keytool -certreq -sigalg MD5withRSA -file server.csr -keypass changeit -keystore server_keystore -storepass changeit
openssl x509 -req -in server.csr -out server-cert.pem -CA ca-cert.pem -CAkey ca-key.pem -days 365
keytool -import -v -trustcacerts -storepass changeit -file ca-cert.pem -keystore %JAVA_HOME%\jre\lib\security\cacerts
keytool -export -file ca-cert.pem -storepass changeit -keystore server_keystore
keytool -import -file ca-cert.pem -storepass changeit -keystore client_truststore -noprompt
keytool -genkey -dname "cn=192.168.0.1, ou=GM, o=KD, l=CZ, st=GD, c=CN" -storepass changeit -keystore client_keystore -keyalg RSA -keypass changeit
keytool -export -file ca-cert.pem -storepass changeit -keystore client_keystore
keytool -import -file ca-cert.pem -storepass changeit -keystore server_truststore -noprompt
openssl genrsa -out client-key.pem 1024
openssl req -new -out client-req.csr -key client-key.pem
openssl x509 -req -in client-req.csr -out client.crt -signkey client-key.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -days 365
openssl pkcs12 -export -clcerts -in client.crt -inkey client-key.pem -out client.p12
