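SSL certificate installation series: an illustrated, step-by-step tutorial for deploying an SSL certificate on a Jetty server. This site keeps publishing SSL certificate installation tutorials for different servers, for your reference.
1. Confirm the Jetty server version. Jetty 9.2.22 or later is recommended.
2. Download the SSL certificate in Tomcat format. If the CSR was not generated by the system, you need to generate a pfx certificate/key pair file. The conversion command is as follows.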
openssl pkcs12 -export -out 2436246437069.pfx -inkey 2436246437069.key -in 2436246437069.pem
3. Convert the pfx certificate/key pair file to JKS format. The conversion command is as follows:
keytool -importkeystore -srckeystore keypair-file.pfx -destkeystore certificate-name.jks -srcstoretype PKCS12 -deststoretype JKS
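After pressing Enter, type the password you want to set for the JKS keystore twice, then type the pfx certificate password once. All three entries must be the password recorded in pfx-password.txt. The JKS password must be the same as the pfx certificate password; otherwise the Jetty server may fail to start.
Note: on Windows, run the command in the %JAVA_HOME%/jdk/bin directory.
4. Configure SSL for Jetty.
1) Make sure Jetty's HTTP pages can be accessed normally.
2) Copy the certificate. Under etc in the Jetty server directory, create a directory to hold the JKS certificate and copy the JKS certificate into it.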
# pwd
/opt/jetty9222/etc
# mkdir cert
# cd cert/
# cp ../../../keys/jetty.jks .
# ls
jetty.jks
3) Edit the jetty-ssl.xml file under etc in the Jetty server directory and set the certificate parameters (every password is the one recorded in pfx-password.txt).
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!-- ============================================================= -->
<!-- Configure a TLS (SSL) Context Factory                         -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both)   -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/cert/jetty.jks"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="2436246437069"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="2436246437069"/></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/cert/jetty.jks"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="2436246437069"/></Set>
  <Set name="EndpointIdentificationAlgorithm"></Set>
  <Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
  <Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>
  <!-- =========================================================== -->
  <!-- Create a TLS specific HttpConfiguration based on the        -->
  <!-- common HttpConfiguration defined in jetty.xml               -->
  <!-- Add a SecureRequestCustomizer to extract certificate and    -->
  <!-- session information                                         -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>
</Configure>
4) Edit the jetty-https.xml file under etc in the Jetty server directory and configure port 443 for HTTPS.
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!-- ============================================================= -->
<!-- Configure a HTTPS connector.                                  -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and jetty-ssl.xml.                                            -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <!-- =========================================================== -->
  <!-- Add a HTTPS Connector.                                      -->
  <!-- Configure an o.e.j.server.ServerConnector with connection   -->
  <!-- factories for TLS (aka SSL) and HTTP to provide HTTPS.      -->
  <!-- All accepted TLS connections are wired to a HTTP connection.-->
  <!--                                                             -->
  <!-- Consult the javadoc of o.e.j.server.ServerConnector,        -->
  <!-- o.e.j.server.SslConnectionFactory and                       -->
  <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
  <!-- that may be set here.                                       -->
  <!-- =========================================================== -->
  <Call id="httpsConnector" name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="acceptors" type="int"><Property name="ssl.acceptors" default="-1"/></Arg>
        <Arg name="selectors" type="int"><Property name="ssl.selectors" default="-1"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.host" /></Set>
        <Set name="port"><Property name="https.port" default="443" /></Set>
        <Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set>
        <Set name="soLingerTime"><Property name="https.soLingerTime" default="-1"/></Set>
        <Set name="acceptorPriorityDelta"><Property name="ssl.acceptorPriorityDelta" default="0"/></Set>
        <Set name="selectorPriorityDelta"><Property name="ssl.selectorPriorityDelta" default="0"/></Set>
        <Set name="acceptQueueSize"><Property name="https.acceptQueueSize" default="0"/></Set>
      </New>
    </Arg>
  </Call>
</Configure>
5) Edit the start.ini file in the Jetty server directory, change the port number as needed, and set jetty-https.xml and jetty-ssl.xml to be loaded at startup.
jetty.port=80
jetty.dump.stop=
etc/jetty-ssl.xml
etc/jetty-https.xml
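6) Restart Jetty and visit the website to verify that HTTPS access works. A green padlock indicates that the SSL certificate was installed successfully.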
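The jetty-ssl.xml from step 3) keeps the keystore passwords as cleartext `default` values and excludes only DES and EXPORT cipher suites. The following check is an added example, not part of the original tutorial or of Jetty itself: it parses such a file and reports cleartext passwords and weak cipher families the exclude list does not cover. The sample document, the placeholder passwords, the probe suite names and the assumption that exclude entries are matched as regular expressions are all this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the jetty-ssl.xml in step 3);
# EXAMPLE-PASSWORD and the OBF: string are placeholders, not values from the page.
SAMPLE = """<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="EXAMPLE-PASSWORD"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:placeholder"/></Set>
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>
</Configure>"""

# One representative suite name per weak family (this example's own choice).
WEAK_PROBES = {
    "DES": "SSL_RSA_WITH_DES_CBC_SHA",
    "EXPORT": "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "RC4": "SSL_RSA_WITH_RC4_128_SHA",
    "3DES": "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
}

def audit(xml_text):
    """Return a list of findings for a jetty-ssl.xml document."""
    findings = []
    for node in ET.fromstring(xml_text).iter("Set"):
        name = node.get("name", "")
        if name.endswith("Password"):
            # Collect the literal text and every <Property default="...">.
            values = [(node.text or "").strip()]
            values += [p.get("default", "") for p in node.iter("Property")]
            if any(v and not v.startswith("OBF:") for v in values):
                findings.append(f"{name}: password stored in cleartext")
        elif name == "ExcludeCipherSuites":
            # Assumption: entries are matched as regular expressions.
            patterns = [i.text.strip() for i in node.iter("Item") if i.text]
            for family, suite in WEAK_PROBES.items():
                if not any(re.fullmatch(p, suite) for p in patterns):
                    findings.append(f"ExcludeCipherSuites: {family} not excluded ({suite})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An `OBF:` value is reversible obfuscation rather than encryption, so jetty-ssl.xml and the .jks file should still be readable only by the account that runs Jetty.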