Question
I have set up two-way SSL for Weblogic 9.2 for one of my projects. The setup was not difficult at all when a browser is a client.
I need to set up Tomcat as a client now instead of using a browser client. In this scenario, Tomcat will host a JSP page or a servlet and call a web service hosted on Weblogic. I have Googled but have not found much documentation for this setup. Any idea - will setting the HTTPS connector work in this case?
Thank you
Answer 1:
Finally I was able to configure it the following way.
SSL set up for Weblogic server
Generate server private key and certificate
java utils.CertGen -selfsigned -certfile SelfCA.cer -keyfile SelfKey.key -keyfilepass password -cn "localhost"
Create identity key-store
java utils.ImportPrivateKey -keystore IdentityStore.jks -storepass password -keypass password -alias trustself -certfile SelfCA.cer.pem -keyfile SelfKey.key.pem -keyfilepass password
Import certificate into the new trust keystore
keytool -import -trustcacerts -alias trustself -keystore truststore.jks -file SelfCA.cer.der -keyalg RSA
When prompted for "Enter keystore password", enter "keypassword"
Log into WL administrative console (http://www.xyz.com:7001/console) (default username=weblogic and password=weblogic). In my example I started “Weblogic Example Server”
Navigate to Server->Example Server->Keystore.
Click on “Lock and Edit”
Enter the following information
Keystore dropdown menu: select “Custom Identity and Custom Trust”
Custom Identity Keystore: [LOCATION]\IdentityStore.jks
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: password
Custom Trust Keystore: [LOCATION]\truststore.jks
Custom Trust Keystore Type: JKS
Custom Trust Keystore Passphrase: keypassword
Navigate to SSL tab. Enter the following information
Identity and Trust Location: Keystores
Private Key Alias: trustself
Private Key Passphrase: password
Set up Tomcat Client
Generate a certificate for Tomcat
keytool -genkey -alias client -keyalg RSA -validity 3650 -keystore client.jks -storepass abcd1234 -keypass abcd1234
keytool -export -alias client -keystore client.jks -storepass abcd1234 -file client.cer
Import the certificate to truststore created above
keytool -import -trustcacerts -alias trustclient -keystore truststore.jks -file client.cer -keyalg RSA
Open [TOMCAT-INSTALL-LOCATION]\bin\catalina.bat in a text editor. Add the following entries right after line 187
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore=C:/certs2/truststore.jks -Djavax.net.ssl.trustStorePassword=keypassword -Djavax.net.ssl.keyAlias=trustclient
set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStore=C:/certs2/client.jks -Djavax.net.ssl.keyStorePassword=abcd1234
Start tomcat.
Testing
Build a web application and deploy it in Tomcat. From the JSP page in the web application, invoke the sayHello() method of the web service https://www.xyz.com:7002/jws_basic_simple/SimpleService deployed in WebLogic.
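One way to confirm from the Tomcat side that a client certificate is actually presented during the handshake, as an added example that is not part of the original answer. It loads the two keystores explicitly instead of relying on the JVM-wide system properties; the class name TwoWaySslCheck is hypothetical, and the paths, passwords and URL are the ones given in the answer.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TwoWaySslCheck {  // hypothetical class name
    // Load a JKS keystore from disk.
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] clientPass = "abcd1234".toCharArray();  // password from the answer
        KeyStore identity = load("C:/certs2/client.jks", clientPass);
        KeyStore trust = load("C:/certs2/truststore.jks", "keypassword".toCharArray());

        // Client identity: the private key used to answer the server's certificate request.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, clientPass);
        // Server trust: only certificates chaining to entries in truststore.jks are accepted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        URL url = new URL("https://www.xyz.com:7002/jws_basic_simple/SimpleService");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.connect();  // the SSL/TLS handshake happens here

        X509Certificate server = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("Server certificate: " + server.getSubjectX500Principal());
        // getLocalCertificates() is null when no client certificate was sent (one-way SSL only).
        Certificate[] sent = conn.getLocalCertificates();
        System.out.println(sent == null ? "No client certificate sent: one-way SSL"
                : "Client certificate sent: " + ((X509Certificate) sent[0]).getSubjectX500Principal());
        conn.disconnect();
    }
}
```

The default hostname verifier rejects the connection if the host in the URL does not match the server certificate, which the answer generated with -cn "localhost".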
Source: https://stackoverflow.com/questions/16290992/two-way-ssl-with-tomcat-as-client-to-weblogic