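1. Generate the certificate
Tomcat supports certificates in JKS format, and from Tomcat 7 onward it also supports PFX format; either of the two formats can be used.
File description:
The certificate file xxxx.pem contains two sections; do not delete either of them.
If the CSR was created by the certificate system, the package also contains: the certificate private key file xxxx.key, the PFX-format certificate file xxxx.pfx, and the PFX certificate password file pfx-password.txt.
Here I use the JDK to generate a self-signed certificate, in keystore format: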
keytool -genkey -v -alias testKey -keyalg RSA -validity 3650 -keystore test.keystore
2. Configure Tomcat HTTPS
/conf/server.xml
JDK self-signed certificate
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/usr/local/apache-tomcat-9.0.14/conf/test.keystore"
                     type="RSA"
                     certificateKeystorePassword="Redcore@123" />
    </SSLHostConfig>
</Connector>
Other formats
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="D:/apache-tomcat-8.5.15/cert/xxx.pfx"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="xxx" />
    </SSLHostConfig>
</Connector>
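3. Handling the untrusted self-signed certificate
View the certificate and use "Copy to File" to save it. After saving the certificate, import it in IE under Content > Certificates.
4. Converting to a PEM certificate
In the commands below, red text is the input certificate file path and green text is the output file path.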
Step 1: Convert the keystore file to PKCS12 format
keytool -importkeystore -srckeystore test.keystore -destkeystore tmp.p12 -srcstoretype JKS -deststoretype PKCS12
Step 2: Dump the PKCS12 file to PEM so that it can be viewed as text
openssl pkcs12 -in tmp.p12 -nodes -out tmp.rsa.pem
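Look at the contents of the file. The part between -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- is the private key. Save this section as tomcatpri.pem
The part between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- is the certificate (public key) content.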
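The manual copy-and-save in step 2 can be scripted. The following is an added example, not part of the original post: it splits the dump into tomcatpri.pem and a certificate file, refuses input that does not contain exactly one unencrypted key, and creates the key file readable by its owner only, because -nodes leaves the key unencrypted. All function names are hypothetical, the sample bundle is constructed, and tomcatcert.pem is assumed to be the certificate file name because that is what Method 2 references.

```shell
# Added example (not from the original post): split the `openssl pkcs12 -nodes`
# dump into separate key and certificate files without hand-copying key material.

# write_sample_bundle FILE: constructed stand-in for tmp.rsa.pem (bodies are not real keys).
write_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: testkey
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
subject=/CN=constructed
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
EOF
}

# count_blocks FILE LABEL: number of PEM blocks with exactly that label.
count_blocks() { grep -c -- "^-----BEGIN $2-----" "$1" || true; }

# extract_block FILE LABEL: print only the PEM block(s), dropping "Bag Attributes" text.
extract_block() {
    awk -v b="-----BEGIN $2-----" -v e="-----END $2-----" '
        { sub(/\r$/, "") }
        index($0, b) == 1 { on = 1 }
        on { print }
        index($0, e) == 1 { on = 0 }' "$1"
}

# split_pem_bundle BUNDLE KEY_OUT CERT_OUT
split_pem_bundle() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # Exactly one unencrypted key; an ENCRYPTED PRIVATE KEY block does not count.
    [ "$(count_blocks "$1" 'PRIVATE KEY')" -eq 1 ] || { echo "need exactly one private key" >&2; return 2; }
    [ "$(count_blocks "$1" 'CERTIFICATE')" -ge 1 ] || { echo "no certificate" >&2; return 3; }
    rm -f "$2"
    # -nodes left the key unencrypted, so create its file owner-only from the start.
    ( umask 077; extract_block "$1" 'PRIVATE KEY' > "$2" ) || return 4
    extract_block "$1" 'CERTIFICATE' > "$3"
}

# key_matches_cert KEY CERT: succeeds if CERT carries KEY's public key (needs openssl).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Typical use on the real dump: split_pem_bundle tmp.rsa.pem tomcatpri.pem tomcatcert.pem, then key_matches_cert tomcatpri.pem tomcatcert.pem, and delete tmp.rsa.pem and tmp.p12 once the split files are in place.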
5. Edit the script
Method 1 (recommended, simple)
In Run-time Settings -> Internet Protocol -> Preferences, select "WinINet replay instead of sockets".
Action()
{
    /* Set the SSL/TLS version used for replay */
    web_set_sockets_option("SSL_VERSION", "TLS");

    lr_start_transaction("baidu");

    /* Request the Tomcat HTTPS connector configured above */
    web_url("test",
        "URL=https://192.168.2.147:8443/",
        "Resource=0",
        "RecContentType=text/html",
        "Referer=",
        "Snapshot=t2.inf",
        "Mode=HTML",
        LAST);

    lr_end_transaction("baidu", LR_AUTO);

    return 0;
}
Method 2
Action()
{
    /* Load the PEM certificate and private key extracted in section 4 */
    web_set_certificate_ex(
        "CertFilePath=f:\\tomcatcert.pem",
        "CertFormat=PEM",
        "KeyFilePath=f:\\tomcatpri.pem",
        "KeyFormat=PEM",
        "Password=aaaaaa123",
        LAST);

    lr_start_transaction("baidu");

    web_url("test",
        "URL=https://192.168.2.147:8443/",
        "Resource=0",
        "RecContentType=text/html",
        "Referer=",
        "Snapshot=t2.inf",
        "Mode=HTML",
        LAST);

    lr_end_transaction("baidu", LR_AUTO);

    return 0;
}