The operating system is Windows.
Step 1: Install the software
1. Install Tomcat 6.0.35 (Tomcat 7.0.34 was also tested successfully).
2. Install JDK 6 (1.6.0_10-rc2; other versions were not tested).
3. Install OpenSSL.
Step 2: Configure the software
1. Add the bin directories of the JDK, JRE, and OpenSSL to the PATH environment variable.
Step 3: Generate the certificates
1. Create a directory, open a cmd command prompt, and use the cd command to enter that directory.
2. In that directory, run the command: openssl genrsa -out server.key 1024 to generate the server key file.
If a server.key file appears in the directory and its size is not 0, the command succeeded.
If not, check whether the output complains that "\usr\local\ssl\openssl.cnf" could not be found. If you see this error, you did not complete the earlier step of adding OpenSSL to PATH. There are 2 solutions: the first is to complete the OpenSSL PATH setting; the second is to rename the file "openssl.cfg" in OpenSSL's bin directory (the error message looks for openssl.cnf), then create a "\usr\local\ssl\" directory on the C drive and copy the file into it.
3. Next, run the command: openssl req -new -out server.csr -key server.key to generate the certificate signing request (CSR) from the key file.
Of the fields you are prompted for, everything except Common Name can be left empty, but to make the certificate easier to identify later it is best not to leave them empty. The Common Name value must be your server's IP address or domain name. For local testing you can use localhost, but you cannot use localhost if you want to access the server from a mobile device.
4. Next, run the command: openssl genrsa -out ca.key 1024 to generate the client key file (ca.key, the key used for signing).
5. Next, run the command: openssl req -new -x509 -days 365 -key ca.key -out ca.crt to generate the client's signing certificate.
Fill in the fields the same way as in step 3; the Organization Name must be identical to the one entered in step 3.
6. In the current directory, create a demoCA folder. Inside demoCA, create the files index.txt and serial (serial contains 01, index.txt is empty) and a folder named newcerts.
7. On the command line, enter: openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key. This signs the server's certificate with ca.key, so that the website server's certificate is recognized by clients that trust the signing certificate ca.crt.
8. Run the command: openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 to convert the server's signed certificate into the PKCS12 format that browsers can recognize. Use the password entered above, "123456".
9. Run the command: java -cp jetty-5.1.10.jar org.mortbay.util.PKCS12Import server.p12 server.jks, which uses Jetty's PKCS12Import tool class to perform the conversion. Use the same password as above. (jetty-5.1.10.jar must be placed in the current folder.)
If an error occurs, it means jetty-5.1.10.jar was not copied into the folder the command line is currently in.
10. If you are curious, you can view the contents of the keystore by running keytool -v -list -keystore server.jks on the command line.
The process above generates 7 files in total. We only care about 3 of them: server.p12 (Tomcat configuration), server.jks (Tomcat configuration), and ca.crt (the client certificate, which iOS devices must download and install).
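The certificate steps above (server key, CSR, signing key and certificate, demoCA layout, signing, PKCS12 export) as one non-interactive script with a verification pass. This is an added example, not part of the original tutorial. It assumes a POSIX shell (for example Git Bash on Windows) with openssl on PATH; the subject names, the ca.cnf file and the P12_PASS variable are constructed for the example, and it uses 2048-bit keys with SHA-256 instead of the 1024-bit keys shown above, which are no longer considered adequate.

```shell
# Added example. Constructed values: "Example Org", "Example Test CA", ca.cnf.
# Usage: export P12_PASS=...; build_chain DIR COMMON_NAME [SERVER_ORG]; check_chain DIR
build_chain() (
    org=${3:-Example Org}
    mkdir -p "$1/demoCA/newcerts" && cd "$1" || exit 1
    : > demoCA/index.txt      # step 6: empty CA database
    echo 01 > demoCA/serial   # step 6: first serial number
    # Local config so the run does not depend on a system openssl.cnf
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = ./demoCA
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
default_md = sha256
default_days = 365
policy = policy_match
[ policy_match ]
organizationName = match
commonName = supplied
EOF
    openssl genrsa -out server.key 2048 &&
    openssl req -new -config ca.cnf -key server.key -out server.csr -subj "/O=$org/CN=$2" &&
    openssl genrsa -out ca.key 2048 &&
    openssl req -new -x509 -days 365 -config ca.cnf -key ca.key -out ca.crt \
        -subj "/O=Example Org/CN=Example Test CA" &&
    # Fails if the CSR's organizationName differs from the CA's (policy "match")
    openssl ca -batch -config ca.cnf -in server.csr -out server.crt -cert ca.crt -keyfile ca.key &&
    # Password comes from the environment, not from the command line
    openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passout env:P12_PASS
)

# Checks: chain validates, certificate matches the private key, PKCS12 opens.
check_chain() (
    cd "$1" || exit 1
    openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 &&
    [ "$(openssl x509 -in server.crt -noout -modulus)" = "$(openssl rsa -in server.key -noout -modulus)" ] &&
    openssl pkcs12 -in server.p12 -passin env:P12_PASS -nokeys >/dev/null 2>&1
)
```

Passing a third argument that differs from "Example Org" makes the signing step fail, which is the behaviour behind the requirement that the Organization Name be identical in both requests.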
Step 4: Configure the Tomcat server
1. Open the Tomcat directory, locate the server.xml file under conf, find the commented-out section for port 8443, uncomment it, and change it to the following:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false"
keystoreFile="D:/apache-tomcat-6.0.35/webapps/ROOT/ca/server.p12" keystorePass="123456" keystoreType="PKCS12"
truststoreFile="D:/apache-tomcat-6.0.35/webapps/ROOT/ca/server.jks" truststorePass="123456" truststoreType="JKS" />
Note: keystoreFile and keystorePass are the location of the generated file and the password that was entered when the certificate was generated.
My project is published to ROOT, so several files need to be copied there as well: server.p12, server.jks, and ca.crt. server.p12 and server.jks are referenced by Tomcat's server.xml configuration, and ca.crt is published so that iOS devices can download and install it as the client certificate. Files under ROOT are served to any client, and server.p12 and server.jks contain the server's private key, so outside a test setup keep those two files outside the web root and point keystoreFile and truststoreFile at that location.
In addition, the server side also needs to install the server.crt certificate (if the server is only used to let iOS devices download apps, this certificate does not have to be installed). It must be installed into the trusted root store. The steps are as follows:
Double-click server.crt -> Install Certificate -> Next, select "Place all certificates in the following store", browse to and select "Trusted Root Certification Authorities", and answer "Yes" for the rest of the way.
The software, along with detailed pages and instructions for each step, can be downloaded from the following address:
http://download.csdn.net/detail/zenjamin/7341345
Building an iOS app distribution server with Tomcat