使用Tomcat作为weblogic客户端的两种方式的ssl [英] Two way ssl with Tomcat as client to weblogic
问题描述
我为我的一个项目设置了 Weblogic 9.2 的双向 SSL.当浏览器是客户端时,设置并不困难.
I have setup two-way SSL for Weblogic 9.2 for one of my project. The setup was not difficult at all when a browser is a client.
我现在需要将 tomcat 设置为客户端,而不是使用浏览器客户端.在这种情况下,Tomcat 将托管一个 JSP 页面或一个 servlet,并调用托管在 Weblogic 上的 Web 服务.我用谷歌搜索过,但没有找到很多关于这个设置的文档.任何想法 - 在这种情况下设置 HTTPS 连接器是否有效?
I need to setup tomcat as a client now instead using a browser client. In this scenario, Tomcat will host a JSP page or a servlet and call a web service hosted on Weblogic. I have Googled but have not found much documentation for this setup. Any idea - will setting the HTTPS connector work in this case?
谢谢
推荐答案
最后,我能够通过以下方式对其进行配置.
Finally I was able to configure it the following way.
为 Weblogic 服务器设置 SSL生成服务器私钥和证书
java utils.CertGen -selfsigned -certfile SelfCA.cer -keyfile SelfKey.key -keyfilepass password -cn "localhost"
创建身份密钥库
java utils.ImportPrivateKey -keystore IdentityStore.jks -storepass 密码 -keypass 密码 -alias trustself -certfile SelfCA.cer.pem -keyfile SelfKey.key.pem -keyfilepass 密码
将证书导入新的信任密钥库
Import certificate into the new trust keystore
keytool -import -trustcacerts -alias trustself -keystore truststore.jks -file SelfCA.cer.der -keyalg RSA
当提示输入密钥库密码"时,输入密钥密码"
When prompted for "Enter keystore password", enter "keypassword"
登录 WL 管理控制台(http://www.xyz.com:7001/console)(默认用户名=weblogic 和密码=weblogic).在我的示例中,我启动了Weblogic 示例服务器"
Log into WL administrative console (http://www.xyz.com:7001/console) (default username=weblogic and password=weblogic). In my example I started "Weblogic Example Server"
导航到服务器->示例服务器->密钥库.
Navigate to Server->Example Server->Keystore.
点击锁定和编辑"
输入以下信息
Keystore 下拉菜单:选择自定义身份和自定义信任"
Keystore dropdown menu: select "Custom Identity and Custom Trust"
自定义身份密钥库:[LOCATION]\IdentityStore.jks
Custom Identity Keystore: [LOCATION]\IdentityStore.jks
自定义身份密钥库类型:JKS
Custom Indentity Keystore Type: JKS
自定义身份密钥库密码:密码
Custom Identity Keystore Passphrase: password
自定义信任密钥库:[LOCATION]\truststore.jks
Custom Trust Keystore: [LOCATION]\truststore.jks
自定义信任密钥库类型:JKS
Custom Trust Keystore Type: JKS
自定义信任密钥库密码:keypassword`
Custom Trust Keystore Passphrase: keypassword`
导航到 SSL 选项卡.输入以下信息
Navigate to SSL tab. Enter the following information
身份和信任位置:密钥库
Identity and Trust Location: Keystores
私钥别名:trustself
Private Key Alias: trustself
私钥密码:密码
设置Tomcat客户端
为Tomcat生成证书
Generate a certificate for Tomcat
keytool -genkey -alias client -keyalg RSA -validity 3650 -keystore client.jks -storepass abcd1234 -keypass abcd1234
keytool -export -alias client -keystore client.jks -storepass abcd1234 -file client.cer
将证书导入上面创建的信任库
Import the certificate to truststore created above
keytool -import -trustcacerts -alias trustclient -keystore truststore.jks -file client.cer -keyalg RSA
在文本编辑器中打开 [TOMCAT-INSTALL-LOCATION]\bin\catalina.bat.在第 187 行之后添加以下条目
Open [TOMCAT-INSTALL-LOCATION]\bin\catalina.bat in a text editor. Add the following entries right after line 187
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=C:/certs2/truststore.jks -Djavax.net.ssl.trustStorePassword=keypassword -Djavax.net.ssl.keyAlias=trustcleint代码>
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=C:/certs2/client.jks -Djavax.net.ssl.keyStorePassword=abcd1234
启动tomcat.
测试构建一个 Web 应用程序并在 Tomcat 中部署.从 Web 应用程序中的 JSP 页面调用部署在 WebLogic 中的 Web 服务 https://www.xyz.com:7002/jws_basic_simple/SimpleService
的 sayHello() 方法.
Testing
Build an web application and deploy in Tomcat. From the JSP page in web application invoke sayHello() method of web service https://www.xyz.com:7002/jws_basic_simple/SimpleService
deployed in WebLogic.
这篇关于使用Tomcat作为weblogic客户端的两种方式的ssl的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!