blob: 00391452cfe638abb82502e2dc9eeb5d84ca6088 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
to generate certificates:
keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -keystore server.jks -storepass password
keytool -genkeypair -alias clientcert -keystore clientcert.p12 -storetype pkcs12 -keyalg RSA -dname "CN=Client,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password
keytool -exportcert -alias %1 -file clientcert.cer -keystore clientcert.p12 -storetype pkcs12 -storepass password
keytool -importcert -keystore server.jks -alias clientcert -file clientcert.cer -v -trustcacerts -noprompt -storepass password
tomcat connector configuration:
<Connector
clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${catalina.home}/conf/server.jks"
keystoreType="JKS" keystorePass="password"
truststoreFile="${catalina.home}/conf/server.jks"
truststoreType="JKS" truststorePass="password"
SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"
/>
install client certificate into your browser of choice, and you should be good to go!
|
