HTTPS provides a relatively secure connection.
1. Generate the keystore:
At the command prompt, in C:\Java\jdk1.5.0_09\bin>
keytool -genkey -alias tomcat -keyalg RSA -validity 365
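Note: -alias tomcat sets the alias; -validity 365 sets the certificate validity period to 365 days.
After you enter the country, you are asked whether the input is correct; type "Y" to confirm.
During certificate generation, when prompted to set the password for <tomcat>, use the same password as the keystore. Pressing Enter accepts that default.
The generated certificate is stored by default in the current system user's home directory (C:\Documents and Settings\Administrator). Copy it to Tomcat's home directory so that the keystoreFile value in server.xml is easy to set in the next step.
Rename .keystore to tomcat.keystore and copy it to the Tomcat root directory.
2. Edit Tomcat's configuration file server.xml, uncomment the SSL Connector shown below, and change it to the following: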
<!-- Define an SSL HTTP/1.1 Connector on port 8443 -->

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="tomcat.keystore" keystorePass="mozilla"
/>
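This opens port 8443. Pay attention to the protocol attribute.
That's all that is needed on the server side.
In Java code, because our self-made certificate is not valid (it is self-signed, so the JVM does not trust it), using URL = new URL("https://localhost:8443"); directly cannot reach the server.
So we use httpcomponents-client-4.1.3-bin.zip instead: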
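import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.CoreConnectionPNames;

public class HttpsPostClient {
    // commons-logging is bundled in the lib directory of the HttpClient 4.1.3 distribution.
    private static final Log log = LogFactory.getLog(HttpsPostClient.class);

    public static String send() {
        String msg = "需要发送的消息"; // the message to send

        String result = "";
        try {
            // First create a trust manager that won't care.
            // It accepts every certificate chain, so the channel is encrypted
            // but the server's identity is never checked.
            X509TrustManager trustManager = new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }
                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                }
                public X509Certificate[] getAcceptedIssuers() {
                    // The interface contract asks for a non-null array.
                    return new X509Certificate[0];
                }
            };
            // Now put the trust manager into an SSLContext.
            SSLContext sslcontext = SSLContext.getInstance("SSL");
            sslcontext.init(null, new TrustManager[] { trustManager }, null);
            // Use the above SSLContext to create your socket factory
            // (I found trying to extend the factory a bit difficult due to a
            // call to createSocket with no arguments, a method which doesn't
            // exist anywhere I can find, but hey-ho).
            // ALLOW_ALL_HOSTNAME_VERIFIER also switches off the host name check.
            SSLSocketFactory sf = new SSLSocketFactory(sslcontext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            DefaultHttpClient httpclient = new DefaultHttpClient();
            httpclient.getParams().setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 1 * 1000);
            // 443 is only the default port of the scheme; the URL below names 8443 explicitly.
            httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, sf));
            HttpPost httpPost = new HttpPost("https://localhost:8443");
            // Execute HTTP request
            httpPost.setHeader("Authorization", "basic " + "dGNsb3VkYWRtaW46dGNsb3VkMTIz");
            httpPost.setHeader("Content-type", "application/xml");
            httpPost.setEntity(new StringEntity(msg));
            HttpResponse response = httpclient.execute(httpPost);
            HttpEntity resEntity = response.getEntity();
            InputStreamReader reader = new InputStreamReader(resEntity.getContent());
            char[] buff = new char[1024];
            int length = 0;
            while ((length = reader.read(buff)) != -1) {
                result += new String(buff, 0, length);
            }
            httpclient.getConnectionManager().shutdown();
        } catch (Exception e) {
            e.printStackTrace();
            log.error("when send msg throw an exception:" + e);
        }
        return result;
    }
}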
We can also specify the Java environment for Tomcat: edit the catalina.sh file in the bin directory and add the following on the line after #!/bin/sh:
export JAVA_HOME=/usr/local/java/jdk1.6.0
export JRE_HOME=/usr/local/java/jdk1.6.0/jre