Jetty服務(wù)器配置SSL證書(shū)的圖文教程
發(fā)布時(shí)間:2022-09-04 14:11
來(lái)源:主機偵探
閱讀:56
作者:主機偵探
欄目: 服務(wù)器
歡迎投稿:712375056
SSLssl/' target='_blank'>證書(shū)安裝系列之“Jetty服務(wù)器部署SSL證書(shū)”的圖文教程步驟�����。本站一直持續更新不同服務(wù)器下SSL證書(shū)安裝教程��,供大家參考���。
1�、Jetty服務(wù)器版本確認���。建議使用Jetty 9.2.22及以上版本����。
2����、下載tomcat格式的SSL證書(shū)���。非系統生成的CSR需要生成pfx證書(shū)密匙對文件�,轉換命令如下����。
openssl pkcs12 -export -out 214362464370691.pfx -inkey 214362464370691.key -in 214362464370691.pem
3�����、轉換pfx的證書(shū)密匙對文件為jks格式��,轉換命令如下:
keytool -importkeystore -srckeystore 密匙對文件.pfx -destkeystore 證書(shū)名稱(chēng).jks -srcstoretype PKCS12 -deststoretype JKS
回車(chē)后輸入兩次要設置的jks格式證書(shū)密碼����,然后輸入一次pfx證書(shū)密碼���。三次密碼必須輸入pfx-password.txt記錄的密碼���。jks密碼與pfx證書(shū)密碼相同����,否則可能會(huì )導致Jetty服務(wù)器啟動(dòng)失敗��。
注:Windows環(huán)境注意在%JAVA_HOME%/jdk/bin目錄中執行��。
4�、配置Jetty的SSL����。
1)確保Jetty的http頁(yè)面可正常訪(fǎng)問(wèn)��。
2)拷貝證書(shū)����。進(jìn)入Jetty服務(wù)器目錄下的etc����,新建存放jks格式證書(shū)的目錄����,并復制jks格式證書(shū)至當前目錄���。
# pwd
/opt/jetty9222/etc
# mkdir cert
# cd cert/
# cp ../../../keys/jetty.jks .
# ls
jetty.jks
3)編輯Jetty服務(wù)器目錄中的etc中的jetty-ssl.xml文件����,設置證書(shū)相關(guān)參數(密碼設置均為pfx-password.txt所記錄的密碼)�����。
<?xml version=”1.0″?>
<!DOCTYPE Configure PUBLIC “-//Jetty//Configure//EN” “http://www.eclipse.org/jetty/configure_9_0.dtd”>
<!– ============================================================= –>
<!– Configure a TLS (SSL) Context Factory –>
<!– This configuration must be used in conjunction with jetty.xml –>
<!– and either jetty-https.xml or jetty-spdy.xml (but not both) –>
<!– ============================================================= –>
<Configure id=”sslContextFactory” class=”org.eclipse.jetty.util.ssl.SslContextFactory”>
<Set name=”KeyStorePath”><Property name=”jetty.base” default=”.” />/<Property name=”jetty.keystore” default=”etc/cert/jetty.jks”/></Set>
<Set name=”KeyStorePassword”><Property name=”jetty.keystore.password” default=”214362464370691″/></Set>
<?xml version=”1.0″?>
<!DOCTYPE Configure PUBLIC “-//Jetty//Configure//EN” “http://www.eclipse.org/jetty/configure_9_0.dtd”>
<!– ============================================================= –>
<!– Configure a TLS (SSL) Context Factory –>
<!– This configuration must be used in conjunction with jetty.xml –>
<!– and either jetty-https.xml or jetty-spdy.xml (but not both) –>
<!– ============================================================= –>
<Configure id=”sslContextFactory” class=”org.eclipse.jetty.util.ssl.SslContextFactory”>
<Set name=”KeyStorePath”><Property name=”jetty.base” default=”.” />/<Property name=”jetty.keystore” default=”etc/cert/jetty.jks”/></Set>
<Set name=”KeyStorePassword”><Property name=”jetty.keystore.password” default=”214362464370691″/></Set>
<Set name=”KeyManagerPassword”><Property name=”jetty.keymanager.password” default=”214362464370691″/></Set>
<Set name=”TrustStorePath”><Property name=”jetty.base” default=”.” />/<Property name=”jetty.truststore” default=”etc/cert/jetty.jks”/></Set>
<Set name=”TrustStorePassword”><Property name=”jetty.truststore.password” default=”214362464370691″/></Set>
<Set name=”EndpointIdentificationAlgorithm”></Set>
<Set name=”NeedClientAuth”><Property name=”jetty.ssl.needClientAuth” default=”false”/></Set>
<Set name=”WantClientAuth”><Property name=”jetty.ssl.wantClientAuth” default=”false”/></Set>
<Set name=”ExcludeCipherSuites”>
<Array type=”String”>
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
<!– =========================================================== –>
<!– Create a TLS specific HttpConfiguration based on the –>
<!– common HttpConfiguration defined in jetty.xml –>
<!– Add a SecureRequestCustomizer to extract certificate and –>
<!– session information –>
<!– =========================================================== –>
<New id=”sslHttpConfig” class=”org.eclipse.jetty.server.HttpConfiguration”>
<Arg><Ref refid=”httpConfig”/></Arg>
<Call name=”addCustomizer”>
<Arg><New class=”org.eclipse.jetty.server.SecureRequestCustomizer”/></Arg>
</Call>
</New>
</Configure>
4)編輯Jetty服務(wù)器目錄中的etc中的jetty-https.xml文件����,配置https所使用的443端口����。
<?xml version=”1.0″?>
<!DOCTYPE Configure PUBLIC “-//Jetty//Configure//EN” “http://www.eclipse.org/jetty/configure_9_0.dtd”>
<!– ============================================================= –>
<!– Configure a HTTPS connector. –>
<!– This configuration must be used in conjunction with jetty.xml –>
<!– and jetty-ssl.xml. –>
<!– ============================================================= –>
<Configure id=”Server” class=”org.eclipse.jetty.server.Server”>
<!– =========================================================== –>
<!– Add a HTTPS Connector. –>
<!– Configure an o.e.j.server.ServerConnector with connection –>
<!– factories for TLS (aka SSL) and HTTP to provide HTTPS. –>
<!– All accepted TLS connections are wired to a HTTP connection.–>
<!– –>
<!– Consult the javadoc of o.e.j.server.ServerConnector, –>
<!– o.e.j.server.SslConnectionFactory and –>
<!– o.e.j.server.HttpConnectionFactory for all configuration –>
<!– that may be set here. –>
<!– =========================================================== –>
<Call id=”httpsConnector” name=”addConnector”>
<Arg>
<New class=”org.eclipse.jetty.server.ServerConnector”>
<Arg name=”server”><Ref refid=”Server” /></Arg>
<Arg name=”acceptors” type=”int”><Property name=”ssl.acceptors” default=”-1″/></Arg>
<Arg name=”selectors” type=”int”><Property name=”ssl.selectors” default=”-1″/></Arg>
<Arg name=”factories”>
<Array type=”org.eclipse.jetty.server.ConnectionFactory”>
<Item>
<New class=”org.eclipse.jetty.server.SslConnectionFactory”>
<Arg name=”next”>http/1.1</Arg>
<Arg name=”sslContextFactory”><Ref refid=”sslContextFactory”/></Arg>
</New>
</Item>
<Item>
<New class=”org.eclipse.jetty.server.HttpConnectionFactory”>
<Arg name=”config”><Ref refid=”sslHttpConfig”/></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name=”host”><Property name=”jetty.host” /></Set>
<Set name=”port”><Property name=”https.port” default=”443″ /></Set>
<Set name=”idleTimeout”><Property name=”https.timeout” default=”30000″/></Set>
<Set name=”soLingerTime”><Property name=”https.soLingerTime” default=”-1″/></Set>
<Set name=”acceptorPriorityDelta”><Property name=”ssl.acceptorPriorityDelta” default=”0″/></Set>
<Set name=”selectorPriorityDelta”><Property name=”ssl.selectorPriorityDelta” default=”0″/></Set>
<Set name=”acceptQueueSize”><Property name=”https.acceptQueueSize” default=”0″/></Set>
</New>
</Arg>
</Call>
</Configure>
5)編輯Jetty服務(wù)器目錄中的start.ini文件����,按需求更改端口號���,并設置啟動(dòng)加載
jetty-https.xml����,jetty-ssl.xml�。
jetty.port=80
jetty.dump.stop=
etc/jetty-ssl.xml
etc/jetty-https.xml
6)重啟Jetty���,訪(fǎng)問(wèn)網(wǎng)站驗證https訪(fǎng)問(wèn)是否正常���,成功顯示綠色小鎖表示SSL證書(shū)安裝成功�����。
來(lái)源鏈接:https://www.idcspy.com/21462.html
本站聲明:網(wǎng)站內容來(lái)源于網(wǎng)絡(luò ),如有侵權,請聯(lián)系我們,我們將及時(shí)處理����。
