Tomcat + axis2 WebService Configure SSL one-way authentication

To enable the client to access WebService over https, You need to configure SSL for Tomcat and axis2. Configure the server and client respectively:

Server:

1. Generate a certificate on the server

Create the C:/CRT folder and execute the following command in the DOS window.

Cd c:/CRT </P> <p> keytool-genkey-keyalg RSA-dname "cn = Jim, ou = Sango, O = none, L = China, st = Beijing, c = us "-alias server-keypass aa1234-keystore server. jks-storepass aa1234-validity 3650 </P> <p>

Generate the certificate: Server. jks in the C:/CRT folder.

Keytool is a built-in JDK certificate management command.

2. Configure Tomcat SSL

Edit C:/Apache-Tomcat-6.0.29/CONF/server. xml and add the following code:

<Connector Port = "8443" protocol = "HTTP/1.1" sslenabled = "true" </P> <p> maxthreads = "150" Scheme = "HTTPS" secure = "true "</P> <p> clientauth =" false "sslprotocol =" TLS "</P> <p> keystorefile =" C: /CRT/server. jks "keystorepass =" aa1234 "/> </P> <p>

Keystorefile is the certificate location, and keystorepass is the password specified when the certificate is generated.

Verify Configuration: https: // localhost: 8443/

3. Configure the SSL of axis2

Edit C:/Apache-Tomcat-6.0.29/webapps/axis2/WEB-INF/Web. xml and add the following code:

<Transportreceiver name = "HTTPS" class = "org. apache. axis2.transport. HTTP. simplehttpserver "> </P> <p> <parameter name =" Port "locked =" false "> 8443 </parameter> </P> <p> </transportreceiver> </P> <p> <transportsender name = "HTTPS" </P> <p> class = "org. apache. axis2.transport. HTTP. commonshttptransportsender "> </P> <p> <parameter name =" protocol "locked =" false "> HTTP/1.1 </parameter> </P> <p> <parameter name = "transfer-encoding"> chunked </parameter> </P> <p> </transportsender> </P> <p>

Client. The client is not a browser, but a program that calls WebService.

1. Import the server certificate

Create the C:/CRT folder on the client, copy the Certificate Server. jks generated by the server to C:/CRT, and execute the following commands in the DOS window respectively.

Cd c:/CRT <br/> keytool-export-alias server-keystore server. jks-file server. CER <br/> Cd C: /program files/Java/jdk1.6.0 _ 20/JRE/lib/security/<br/> keytool-import-trustcacerts-alias server-keystore cacerts-file C:/CRT/server. cer-storepass changeit </P> <p>

In the previous command, C:/program files/Java/jdk1.6.0 _ 20/JRE/lib/security/cacerts must point to the corresponding JRE folder used at runtime.

2. Add the code in the program to specify the certificate location. Add the following before calling the client code in the getxxxstub method of the xxxxfactory class:System. setproperty ("javax.net. SSL. truststore "," C:/program files/Java/jdk1.6.0 _ 20/JRE/lib/security/cacerts "); </P> <p> system. setproperty ("javax.net. SSL. truststorepassword "," aa1234 "); <br/>

After this configuration, you can call the client through HTTPS. You can use HTTP to generate a client. The client generated by HTTP and HTTPS is the same.

Address: http://blog.csdn.net/honglei915/archive/2010/12/13/6073290.aspx