Articles on setting up two-way SSL authentication with a Tomcat server have been around for a long time; the more practical ones, such as "Configuring Tomcat 4 to Use SSL", are easy to find with Google. These articles fall short in two ways. First, they describe the configuration on Tomcat 4, which differs somewhat from the Tomcat 5 series that is in general use today. Second, they are mostly written as an experimental walkthrough, and when the same steps are used for a real web server, several problems appear:
The generated CA private key (ca-key.pem) is stored unencrypted next to the self-signed root certificate (ca-cert.pem). Once the server is live and client certificates have been issued, the root certificate can no longer be changed, so an unprotected CA private key is a real security problem: anyone who obtains it can issue client certificates that your server will accept.

The generated server keystore (server_keystore) does not contain the trusted CA root certificate; the root is instead imported into the JSSE default trust store (the JRE's cacerts). If the certificates are produced on a different machine from the one running the web application, the CA root certificate has to be imported again into the default trust store on the server when the server certificate is installed.

Generating a client certificate takes many manual steps, which makes issuing client certificates inconvenient.

There is no single configuration file; certificate generation requires a series of separate commands that depend on each other, so mistakes are likely.

To address these problems, a certificate kit consisting of four batch files and one configuration file was put together on the basis of the article "Configuring Tomcat 4 to Use SSL". The kit is designed for producing certificates in a real web server environment and overcomes the problems listed above. For details, see the linked article "Configuring two-way SSL authentication for the Tomcat web server in a production environment", which also includes the related downloads.
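The fixes described above (an encrypted CA key, the root certificate bundled into the server keystore plus an explicit trust store, and one repeatable script for issuing client certificates) as an added example; this is not the article's batch kit but a POSIX shell script written for this page. It assumes OpenSSL 1.1.1 or later on the PATH and, optionally, a JDK's keytool; the hostname, subject names, install path and passphrases are placeholders to be overridden through the environment.

```shell
#!/bin/sh
# Added example (not the article's batch kit): one script that builds a complete
# mutual-TLS certificate set for Tomcat with OpenSSL 1.1.1+ and, if present, keytool.
# All names and passphrases below are placeholders; override them via the environment.
set -eu

WORKDIR="${WORKDIR:-./tomcat-mtls}"
CA_PASS="${CA_PASS:-ca-demo-passphrase}"      # encrypts ca-key.pem at rest; never stored beside the key
STORE_PASS="${STORE_PASS:-store-demo-pass}"   # keystore / truststore password that goes into server.xml
SERVER_CN="${SERVER_CN:-www.example.com}"     # assumed hostname of the Tomcat server
CLIENT_CN="${CLIENT_CN:-alice}"               # assumed name of the first client

# Root CA: the private key is AES-256 encrypted, so a copied ca-key.pem alone cannot mint client certs.
make_ca() {
  openssl genrsa -aes256 -passout "pass:$CA_PASS" -out ca-key.pem 2048 2>/dev/null
  openssl req -new -key ca-key.pem -passin "pass:$CA_PASS" \
    -subj "/O=Example Corp/CN=Example Root CA" -out ca.csr
  printf '%s\n' "basicConstraints=critical,CA:true" "keyUsage=critical,keyCertSign,cRLSign" > ca-ext.cnf
  openssl x509 -req -days 3650 -in ca.csr -signkey ca-key.pem -passin "pass:$CA_PASS" \
    -extfile ca-ext.cnf -out ca-cert.pem 2>/dev/null
}

# issue_cert NAME SUBJECT EXT... : key + CSR + CA-signed certificate, every step in one place.
issue_cert() {
  name=$1; subj=$2; shift 2
  openssl genrsa -out "$name-key.pem" 2048 2>/dev/null
  openssl req -new -key "$name-key.pem" -subj "$subj" -out "$name.csr"
  printf '%s\n' "$@" > "$name-ext.cnf"
  openssl x509 -req -days 825 -in "$name.csr" -CA ca-cert.pem -CAkey ca-key.pem \
    -passin "pass:$CA_PASS" -CAcreateserial -extfile "$name-ext.cnf" -out "$name-cert.pem" 2>/dev/null
}

# Server keystore: PKCS#12 holding the server key, its certificate AND the CA root,
# so the bundle is self-contained when copied to the real server.
make_server_keystore() {
  openssl pkcs12 -export -name tomcat -inkey server-key.pem -in server-cert.pem \
    -certfile ca-cert.pem -passout "pass:$STORE_PASS" -out server.p12
}

# Client bundle for import into a browser; the root is included so the chain is complete.
make_client_bundle() {
  openssl pkcs12 -export -name "$CLIENT_CN" -inkey client-key.pem -in client-cert.pem \
    -certfile ca-cert.pem -passout "pass:$STORE_PASS" -out "$CLIENT_CN.p12"
}

# Explicit trust store for the connector, instead of touching the JRE's default cacerts.
make_truststore() {
  if command -v keytool >/dev/null 2>&1; then
    rm -f truststore.jks
    keytool -importcert -noprompt -alias rootca -file ca-cert.pem -storetype JKS \
      -keystore truststore.jks -storepass "$STORE_PASS" >/dev/null 2>&1
  else
    echo "keytool not on PATH: build truststore.jks on the machine that has the JDK" >&2
  fi
}

# Tomcat 5.5 connector fragment referencing the files above (install path is assumed).
write_connector() {
  cat > server-connector.xml <<EOF
<Connector port="8443" maxHttpHeaderSize="8192" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="/opt/tomcat/conf/server.p12" keystorePass="$STORE_PASS" keystoreType="PKCS12"
           truststoreFile="/opt/tomcat/conf/truststore.jks" truststorePass="$STORE_PASS" truststoreType="JKS" />
EOF
}

# Checks to run before shipping the kit; returns non-zero on any failure.
verify_kit() {
  grep -q ENCRYPTED ca-key.pem &&
  openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem >/dev/null 2>&1 &&
  openssl x509 -in client-cert.pem -noout -text | grep -q 'TLS Web Client Authentication' &&
  [ "$(openssl pkcs12 -in server.p12 -passin "pass:$STORE_PASS" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE')" -eq 2 ]
}

build_kit() {
  mkdir -p "$WORKDIR" && cd "$WORKDIR"
  make_ca
  issue_cert server "/O=Example Corp/CN=$SERVER_CN" "extendedKeyUsage=serverAuth" "subjectAltName=DNS:$SERVER_CN"
  issue_cert client "/O=Example Corp/CN=$CLIENT_CN" "extendedKeyUsage=clientAuth"
  make_server_keystore
  make_client_bundle
  make_truststore
  write_connector
}

build_kit
verify_kit && echo "certificate kit built in $WORKDIR"
```

Only STORE_PASS ends up in server.xml, so that file needs restrictive permissions; CA_PASS is typed once per issuing run and never written to disk, which is what makes the encrypted ca-key.pem worth having. Issuing a further client certificate is a single `issue_cert` call followed by a PKCS#12 export. If an old JDK refuses the PKCS#12 files, OpenSSL 3 users can add `-legacy` to the `pkcs12 -export` commands, since OpenSSL 3 defaults to PBES2/AES-256 encryption that older Java versions do not read.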