https 接口搭建配置

首先利用keytool工具生成服務(wù)器證書客戶端證書互相信任認(rèn)證配置服務(wù)器開啟https連接攔截請(qǐng)求地址強(qiáng)制ssl認(rèn)證連接cmd命令行輸入以下命令1keytool-genkey-v-aliastomcat-keyalgRSA-keystoreD:/SSL/server/tomcat.keystore-dname"CN=,OU=jak,O=jak,L=Peking,ST=Peking,C=CN"-validity3650-storepassjakl23-keypassjak123解釋參數(shù)*****keytool是JDK提供的證書生成工具，所有參數(shù)的用法參見(jiàn)keytool-help-genkey創(chuàng)建新證書-v詳細(xì)信息-aliastomcat以”tomcat”作為該證書的別名。這里可以根據(jù)需要修改-keyalgRSA指定算法-keystoreD:/SSL/server/tomcat.keystore保存路徑及文件名-dname"CN=,0U=zlj,0=zlj,L=Peking,ST=Peking,C=CN"證書發(fā)行者身份，這里的CN要與發(fā)布后的訪問(wèn)域名一致-validity3650證書有效期，單位為天-storepassjak123證書的存取密碼-keypassjak123證書的私鑰2生成客戶端證書執(zhí)行以下命令keytool-genkey-v-aliasclient-keyalgRSA-storetypePKCS12-keystoreD:/SSL/client/client.p12-dname"CN=client,OU=jak,O=jak,L=bj,ST=bj,C=CN"-validity3650-storepassclient-keypassclient3導(dǎo)出客戶端證書keytool-export-aliasclient-keystoreD:/SSL/client/client.p12-storetypePKCS12-storepassclient-rfc-fileD:/SSL/client/client.cer4把客戶端證書加入服務(wù)端證書信任列表keytool-import-aliasclient-v-fileD:/SSL/client/client.cer-keystoreD:/SSL/server/tomcat.keystore-storepassjak1235導(dǎo)出服務(wù)端證書keytool-export-aliastomcat-keystoreD:/SSL/server/tomcat.keystore-storepassjakjak-rfc-fileD:/SSL/server/tomcat.cer6生成客戶端信任列表keytool-import-fileD:/SSL/server/tomcat.cer-storepassjakl23-keystoreD:/SSL/client/client.truststore-aliastomcat-noprompt在Tomcatserver.xml文件中替換8443端口配置<!--開啟HTTPS接口的配置-->vConnectorport="8443"protocol="HTTP/1.1"SSLEnabled="true"maxThreads="150"scheme="https"secure="true"clientAuth="true"sslProtocol="TLS"keystoreFile="D:/SSL/server/tomcat.keystore"keystorePass="jak123"truststoreFile="D:/SSL/server/tomcat.keystore"truststorePass="jak123"/>clientAuth=true雙向認(rèn)證false單項(xiàng)認(rèn)證，單項(xiàng)認(rèn)證時(shí)候不需要truststoreFiletruststorePass參數(shù)配置即可web?xml文件加入配置<!--強(qiáng)制SSL配置，即普通的請(qǐng)求也會(huì)重定向?yàn)镾SL請(qǐng)求--><security-constraint>vweb-resource-collection>vweb-resource-name>SSLv/web-resource-name>vurl-pattern>/*v/url-pattern>v!--全站使用SSLvurl-pattern>/*v/url-pattern>--></web-resource-collection><user-data-constraint><description>SSLrequiredv/description><!--CONFIDENTIAL:要保證服務(wù)器和客戶端之間傳輸?shù)臄?shù)據(jù)不能夠被修改，且不能被第三方查看到--><!--INTEGRAL:要保證服務(wù)器和client之間傳輸?shù)臄?shù)據(jù)不能夠被修改--><!--NONE:指示容器必須能夠在任一的連接上提供數(shù)據(jù)。（即用HTTP或HTTPS，由客戶端來(lái)決定）-->vtransport-guarantee>CONFIDENTIALv/transport-guarantee></user-data-constraint></security-constraint>/*****/瀏覽器訪問(wèn) 需要把客戶端證書給客戶端 路徑為

D:/SSL/client/client.p12,發(fā)送給對(duì)方運(yùn)行即可以訪問(wèn)。雙擊client文件1歡迎使用證書導(dǎo)入向?qū)кS踽韶書信任趙和證書吊誚別單擊:心下一步松繼續(xù)。證書導(dǎo)入向?qū)?，證認(rèn)。的信S蠶境37區(qū)SS9S畳rf-i滋歡迎使用證書導(dǎo)入向?qū)кS踽韶書信任趙和證書吊誚別單擊:心下一步松繼續(xù)。證書導(dǎo)入向?qū)ぃC認(rèn)。的信S蠶境37區(qū)SS9S畳rf-i滋由冒疋client2下一步3勾選標(biāo)志詞秘鑰為可導(dǎo)出秘鑰。丁填寫生成client證書的密碼不對(duì)會(huì)提示錯(cuò)誤證書導(dǎo)入向?qū)?li^al密碼為了保證安全，已用密碼保護(hù)利鑰。為私鑰鍵入巒碼。墜碼(F)：鴉鶴巒呆護(hù)。如果啟用這個(gè)選項(xiàng)，每歡應(yīng)用程序使用私鑰時(shí)，您都會(huì)E標(biāo)志此巒鑰為可導(dǎo)出的濟(jì)鑰。這將允許您在稱后備偽或傳輸濟(jì)鑰曲。區(qū)包括所有擴(kuò)展厲性如*了解保理掘的更參信息<■上一步⑹］［下一步?習(xí)［取消

4下一步選第二個(gè)選項(xiàng)證書儲(chǔ)存為個(gè)人下一步完成ok5訪問(wèn)截圖無(wú)法顯示此頁(yè)?確保Web地址https：//localhost:8443正確。?使用搜索引擎查找頁(yè)面。?請(qǐng)過(guò)幾分鐘后刷新頁(yè)面。爭(zhēng)復(fù)連去寸￡點(diǎn)擊確定后再次訪問(wèn)網(wǎng)站則無(wú)需驗(yàn)證（瀏覽器關(guān)閉需要從新點(diǎn)擊確定認(rèn)證）

Java訪問(wèn)webService代門******省略自己去百度查看Axis搭建webservice1Java環(huán)境變量正確2去官網(wǎng)下載axisjar3解壓到本地任意路徑比如解壓到G:\axis-1_4配置4將G:\axis-1_4\webapps下的axix文件復(fù)制到tomcat的webapps下啟動(dòng)tomcat訪問(wèn)localhost:8080/axis出現(xiàn)此界面表示成功?Pf◎?Pf◎證書霸CI Apache-AxisZOApache-AXISHello!WelcometoApache-Axis.Whatdoyouwanttodotoday??"Validation-Validatethelocalinstallation'sconfigurationseeheiowifthisdoesnotwarfcList-ViewthelistofdeployedWebservices■Call-Callalocalendpointthatlist'sthecaller'shttpheaders(orseeitsWSDL)."Visit-VisittheApache-AxisHomePageAdministerAxis-[disabledbydefaultforsecurityreasons]SOAPMonitor-[disabledbydefaultforsecurityreasons]Toenablethedisabledfeatures;uncommetittheappropriatedeclarationsinWEB-INF/^veb_xmlinthewebapplicationandrestartit.^ralidatingAxisIfthe"happyaxis11validationpagedisplaysanexceptioninsteadofastatuspage,thelikelycauseisthatyouhavemultipleXMLparsersinyourclasspath.Cleanupyourclasspathbyeliminatingextraneousparsers.IfyouhaveproblemsgettingAxistowork,consulttheAxisWikiandthentrytheAxisusermailinglist.

5在工程的web-info下新建wsdd文件見(jiàn)下圖Jl_E3webapp>昂static丿』WEB-INFL_n即Y?server-config.wsdd的spring-mvc.xml427015-8-25上午10:1呂hbweb.xml425&15七-24下午4:45hb品 年424115-8-24^^3:05hb配置文件根據(jù)需求不同配置不同（此處提供簡(jiǎn)單的配置見(jiàn)下圖）gserver-config.wsddS31-^deploymentxm1ns=ttp;//xmL.apachw?org/axis/wsdd/"234xmlns:java="http://xmL./axis/hisdd/providers/java"^<handlername=xmlns:java="http://xmL./axis/hisdd/providers/java"^<handlername="URLMapperntype="java:org.apache.axis.hcmdLe廠s?http.URLMappeT"/〉6 <parametername="cLassName"value="SayHeLLo"/><parametername="atLowedMethods"value=,,*,,/>8 </service><transportname=,'^ttp,,><requestFlow><handlertype="URLMapper"/></requestFlow>1&-111213141&-11121314</deployment>server-config.wsdd〈servicename="HeLLoWorLd"provider二"java:RPC"><parametername="className"value="SayHeLLo"/><parametername="aLLowedMethods"value="*"/></service>參數(shù)值說(shuō)明HeLLoWorLd為訪問(wèn)url時(shí)候的命名。例如https://LocaLhost:8443/axis/services/HeLLoWorLd?wsdL將HeLLoWorLd替換為xxxxx則請(qǐng)求地址為HYPERLINK"https:/