1. Install the Axis2 plugin in Tomcat
2. Generate certificates with the JDK's own keytool
Server side:
keytool -genkey -alias server -dname "CN=192.168.10.100, OU=jh, O=jh, L=hangzhou, S=zhejiang, C=CN" -keystore server.keystore -keyalg RSA
keytool -export -alias server -file server.cer -storepass 123456 -keystore server.keystore
keytool -import -file server.cer -storepass 123456 -keystore client.truststore -alias serverkey -noprompt
Client side:
keytool -genkey -alias client -dname "CN=192.168.10.101, OU=jh, O=jh, L=hangzhou, S=zhejiang, C=CN" -keystore client.keystore -keyalg RSA
keytool -export -alias client -file client.cer -storepass 123456 -keystore client.keystore
keytool -import -file client.cer -storepass 123456 -keystore server.truststore -alias clientkey -noprompt
Keytool command notes:
  1. Generate the server-side private key Kserver.keystore file
  2. From the private key, export the server-side security certificate
  3. Import the server-side certificate into the trust keystore of the client
  4. Generate the client private key Kclient.keystore file
  5. From the private key, export the client security certificate
  6. Import the client certificate into the server-side trust keystore
CN --> IP address or domain name
3. Modify the Tomcat --> conf --> server.xml configuration and add:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           keystoreFile="C:\\tomcat\\keystore\\server.keystore"
           keystorePass="123456"
           truststoreFile="C:\\tomcat\\keystore\\server.truststore"
           truststorePass="123456"
           clientAuth="true"
           sslProtocol="TLS" />
port --> HTTPS port
maxThreads --> must be an integer; 150 is the value used in Tomcat's sample HTTPS connector
SSLEnabled="true" --> enables SSL on this connector
keystoreFile --> location of the keystore file; keystorePass --> keystore file password
truststoreFile --> location of the truststore file; truststorePass --> truststore file password
clientAuth="true" --> bidirectional (mutual) authentication; "false" --> one-way authentication
4. If all requests must go over HTTPS, modify the Tomcat --> conf --> web.xml configuration and add:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Note: adjust the url-pattern to suit your needs. The same constraint can instead be configured in the web.xml of Axis2.
5. Configure Axis2: modify Tomcat --> webapps --> axis2 --> WEB-INF --> conf --> web.xml and add the following (in a stock Axis2 web application, the transportReceiver and transportSender elements are declared in axis2.xml in that conf directory):
<transportReceiver name="https" class="org.apache.axis2.transport.http.AxisServletListener">
  <parameter name="port">8443</parameter>
</transportReceiver>
<transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
  <parameter name="PROTOCOL">HTTP/1.1</parameter>
  <parameter name="Transfer-Encoding">chunked</parameter>
</transportSender>
6. Add code in the program to specify the certificate location. In the getXxxStub method of the XxxxFactory class, before the code that calls the client, add:
// Client private key and certificate presented to the server
System.setProperty("javax.net.ssl.keyStore", "/users/linjian/desktop/keystores/test/client.keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
// Certificates the client trusts (contains the imported server certificate)
System.setProperty("javax.net.ssl.trustStore", "/users/linjian/desktop/keystores/test/client.truststore");
System.setProperty("javax.net.ssl.trustStorePassword", "123456");
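A way to check the result of steps 2 to 6 before wiring up the Axis2 stub, as an added example that is not part of the original article: it loads client.keystore and client.truststore into a connection-scoped SSLContext instead of JVM-wide system properties, completes a handshake with the Tomcat connector and reads the first reply line. The class name MutualTlsCheck, the default file locations and the assumption that the key password equals the store password are hypothetical.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name): checks the mutual-TLS setup from steps 2-6.
public class MutualTlsCheck {
    // Load a keystore written by keytool, using the JDK's default keystore type.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: file names, address, port and password as used in the steps above.
        String keyStorePath = args.length > 0 ? args[0] : "client.keystore";
        String trustStorePath = args.length > 1 ? args[1] : "client.truststore";
        String host = args.length > 2 ? args[2] : "192.168.10.100";
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 8443;
        char[] password = "123456".toCharArray(); // assumes key password == store password
        // Client identity: the key whose certificate was imported into server.truststore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, password), password);
        // Trust anchors: only the server certificate imported into client.truststore.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, password));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.startHandshake(); // fails here if the server certificate is not trusted
            X509Certificate peer = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("Protocol: " + socket.getSession().getProtocol());
            System.out.println("Server:   " + peer.getSubjectX500Principal().getName());
            // A rejected client certificate can surface only on the first read, so do one.
            socket.getOutputStream().write("GET / HTTP/1.0\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
            BufferedReader reply = new BufferedReader(
                    new InputStreamReader(socket.getInputStream(), StandardCharsets.US_ASCII));
            System.out.println("Reply:    " + reply.readLine());
        }
    }
}
```

A raw SSLSocket as used here does not compare the host name with the certificate. The step 2 certificates carry the address only in the CN, with no subjectAltName, and Java's HTTPS endpoint identification requires an IP subjectAltName when connecting to an IP address.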
WebService SSL bidirectional authentication Configuration