按如下方法将tomcat配置出国密SSL安全通道
1. 将
doubleca-jce-0.9.4-SNAPSHOT.jar
doubleca-gmssl-tomcat7-jdk7-0.9.1-SNAPSHOT.jar
doubleca-sse-jdk7-0.9.2-SNAPSHOT.jar
三个jar包复制到tomcat的lib目录下
2. 到大宝CA生成国密SSL需要的jks和dcks格式的证书与密钥文件
3. 修改server.xml配置文件
将
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
修改为
<Connector port="443" protocol="com.doubleca.tomcat7.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="GMSSLv1.1"
keystoreType="JKS"
keystoreFile="conf/server.jks" keystorePass="DoubleCA"
truststoreFile="conf/server.jks" truststorePass="DoubleCA"
gmKeystoreType="DCKS"
gmKeystoreProvider="DoubleCA-JCE"
gmKeyPass="DoubleCA"
gmTruststoreProvider="DoubleCA-JCE"
gmKeystoreFile="conf/tomcat_gmssl.dcks" gmKeystorePass="DoubleCA"
gmTruststoreFile="conf/tomcat_gmssl.dcks" gmTruststorePass="DoubleCA"/>
4. 使用国密算法专用浏览器成功通过国密https安全通道访问服务器内容