Created
August 14, 2011 06:03
-
-
Save bulain/1144630 to your computer and use it in GitHub Desktop.
CXF configuration using SSL/HTTPS with tomcat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #generate server and client keystore | |
| keytool -genkeypair -alias server -keyalg RSA -dname "CN=Server,OU=Development,O=Test,L=Shanghai,S=SH,C=CN" -keystore server.keystore | |
| keytool -genkeypair -alias client -keyalg RSA -dname "CN=Client,OU=Development,O=Test,L=Shanghai,S=SH,C=CN" -keystore client.keystore | |
| keytool -list -keystore server.keystore | |
| #copy server certificate into client.keystore | |
| keytool -exportcert -alias server -file server-pub.cer -keystore server.keystore | |
| keytool -importcert -alias server -file server-pub.cer -keystore client.keystore | |
| keytool -list -keystore client.keystore | |
| #copy client certificate into server.keystore | |
| keytool -exportcert -alias client -file client-pub.cer -keystore client.keystore | |
| keytool -importcert -alias client -file client-pub.cer -keystore server.keystore | |
| keytool -list -keystore server.keystore | |
| <!-- tomcat server.xml --> | |
| <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" | |
| maxThreads="150" scheme="https" secure="true" | |
| clientAuth="true" sslProtocol="TLS" | |
| keystoreFile="${user.home}/server.keystore" keystoreType="JKS" keystorePass="123456" | |
| truststoreFile="${user.home}/server.keystore" truststoreType="JKS" truststorePass="123456" | |
| /> | |
| <!-- cxf config.xml --> | |
| <http:conduit name="*.http-conduit"> | |
| <http:tlsClientParameters disableCNCheck="true"> | |
| <sec:trustManagers> | |
| <sec:keyStore type="JKS" file="src/test/resources/certs/client.keystore" password="123456" /> | |
| </sec:trustManagers> | |
| <sec:keyManagers keyPassword="123456"> | |
| <sec:keyStore type="JKS" file="src/test/resources/certs/client.keystore" password="123456" /> | |
| </sec:keyManagers> | |
| <sec:cipherSuitesFilter> | |
| <sec:include>.*_EXPORT_.*</sec:include> | |
| <sec:include>.*_EXPORT1024_.*</sec:include> | |
| <sec:include>.*_WITH_DES_.*</sec:include> | |
| <sec:include>.*_WITH_NULL_.*</sec:include> | |
| <sec:exclude>.*_DH_anon_.*</sec:exclude> | |
| </sec:cipherSuitesFilter> | |
| </http:tlsClientParameters> | |
| <http:client AutoRedirect="true" Connection="Keep-Alive" /> | |
| </http:conduit> | |
| <!-- jetty config.xml --> | |
| <httpj:engine-factory bus="cxf"> | |
| <httpj:identifiedTLSServerParameters id="secure"> | |
| <httpj:tlsServerParameters> | |
| <sec:trustManagers> | |
| <sec:keyStore type="JKS" password="123456" file="src/test/resources/certs/server.keystore"/> | |
| </sec:trustManagers> | |
| <sec:keyManagers keyPassword="123456"> | |
| <sec:keyStore type="JKS" password="123456" file="src/test/resources/certs/server.keystore" /> | |
| </sec:keyManagers> | |
| <sec:cipherSuitesFilter> | |
| <sec:include>.*_EXPORT_.*</sec:include> | |
| <sec:include>.*_EXPORT1024_.*</sec:include> | |
| <sec:include>.*_WITH_DES_.*</sec:include> | |
| <sec:include>.*_WITH_NULL_.*</sec:include> | |
| <sec:exclude>.*_DH_anon_.*</sec:exclude> | |
| </sec:cipherSuitesFilter> | |
| <sec:clientAuthentication want="true" required="true" /> | |
| </httpj:tlsServerParameters> | |
| </httpj:identifiedTLSServerParameters> | |
| <httpj:engine port="8443"> | |
| <httpj:tlsServerParametersRef id="secure"/> | |
| </httpj:engine> | |
| </httpj:engine-factory> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,大神,cxf怎么同时支持https和http?