The project needs to implement two-way SSL verification on Android.
Prepare the environment:
Windows 2003 EE;
OpenSSL;
Tomcat 7;
Simple process:
1. Use OpenSSL and keytool to create the CA, client, and server certificates and private keys.
2. Build a Tomcat web server with two-way authentication.
3. Verify that two-way SSL verification works using IE.
For the above three steps, see the following document: https SSL two-way authentication under Tomcat
The only difference is that Tomcat 7 is configured differently. In server.xml:
<Connector
    className="org.apache.catalina.connector.http.HttpConnector"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="C:/OpenSSL/Server/server_keystore"
    keystorePass="66666"/>
keystorePass is the password of your server_keystore.
Change clientAuth="true" to clientAuth="false" for one-way authentication.
4. Write an SSL verification program for Android. At this point it can only perform one-way authentication of the server certificate. See the link below for the source code.
Android OpenSSL analysis and example-column in zhenyongyuan123
5. Write a Java client/server program to verify SSL two-way authentication.
Implement SSL mutual authentication in Java
6. To understand the SSL handshake process, test Tomcat's two-way SSL verification from the OpenSSL command line.
The OpenSSL command line for connecting to Tomcat with two-way SSL authentication:
openssl s_client -connect localhost:8443 -cert client/client-cert.pem -key client/client-key.pem -CAfile ca/ca-cert.pem -state
7. Through the above process, we found the problem in step 4 and solved the problem of Android accessing Tomcat's two-way SSL verification web server.
8. The first step is to access Tomcat's two-way SSL server directly from the Android WebView. This is still being studied; it may require modifying the WebView source code. The implementation will be described in a separate document.
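A pre-flight check to run before the s_client test in step 6, as an added example that is not from the original post: it confirms that the client certificate chains to the CA and that the private key belongs to the certificate. The PKI it builds is constructed throwaway material, only the file names follow the page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The PKI is constructed throwaway material; only the file
# names (ca-cert.pem, client-cert.pem, client-key.pem) follow the page.

# Build a throwaway CA and a client certificate signed by it under $1.
make_pki() {
  d=$1; mkdir -p "$d/ca" "$d/client" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$d/ca/ca-key.pem" -out "$d/ca/ca-cert.pem" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
    -keyout "$d/client/client-key.pem" -out "$d/client/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/client/client.csr" -days 1 \
    -CA "$d/ca/ca-cert.pem" -CAkey "$d/ca/ca-key.pem" -CAcreateserial \
    -out "$d/client/client-cert.pem" 2>/dev/null
}

# True when certificate $2 chains to CA certificate $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when private key $2 belongs to certificate $1 (same public key).
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null)
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Arguments: CA cert, client cert, client key. Returns 0, 1 (chain) or 2 (key).
preflight() {
  chains_to_ca "$1" "$2" || { echo "FAIL: $2 is not signed by $1"; return 1; }
  key_matches_cert "$2" "$3" || { echo "FAIL: $3 does not match $2"; return 2; }
  echo "OK: client certificate chains to the CA and matches its key"
}

# Demo: the matching set passes; the same client files fail against another CA.
demo() {
  t=$(mktemp -d) && make_pki "$t/good" && make_pki "$t/other" || return 1
  preflight "$t/good/ca/ca-cert.pem" "$t/good/client/client-cert.pem" \
    "$t/good/client/client-key.pem"
  preflight "$t/other/ca/ca-cert.pem" "$t/good/client/client-cert.pem" \
    "$t/good/client/client-key.pem"
  rm -rf "$t"
}
demo || true
```

Against real files, call preflight with the three paths used in the s_client command; a non-zero return identifies which file to regenerate before looking at the handshake itself.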
Http://blog.csdn.net/win2k3net/article/details/6165690