公司目前服務器用的是Jetty?9.2.5.v20141112版本,有一天跟我說需要加上HTTPS,查找很多文檔后才找到一個方法,將完整方法分享給大家。
Jetty 需要使用的Key文件為keystore,而各大服務商申請的Key文件一般為pem等文件。
一、申請Key證書
? ? ?這個部分就省略不講了,一般阿里云、騰訊云等等服務商都有免費的證書申請。
二、轉換證書格式
? ? 1.將pfx格式證書轉換為jks格式證書
? ? ? ? windows打開CMD命令行窗口
? ? ? keytool -importkeystore -srckeystore 你的證書.pfx -destkeystore 你的證書.jks -srcstoretype PKCS12 -deststoretype JKS
? ?2.將jks格式證書轉換為p12格式證書
? ? ? ? 通過JAVA代碼進行轉換
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
public class KeyZ {
????// 證書格式
????public static final String JKS = "JKS";
????public static final String PKCS12 = "PKCS12";
????// 證書和路徑
????public static final String INPUT_KEYSTORE_FILE = "e:/你的證書/your-name.jks";
????public static final String KEYSTORE_PASSWORD = "你的證書密碼";
????public static final String OUTPUT_KEYSTORE_FILE = "e:/你的證書/你的證書.p12";
????// 證書別名
????public static final String CERT_ALIAS = "client"; /
????** * @param args */
????public static void main(String[] args) throws Exception{
????????KeyStore inputKeyStore = KeyStore.getInstance(JKS);
????????FileInputStream fis = new FileInputStream(INPUT_KEYSTORE_FILE);
????????char[] nPassword = KEYSTORE_PASSWORD.toCharArray();
????????inputKeyStore.load (fis, nPassword);
????????fis.close();
????????System.out.println("keystore type=" + inputKeyStore.getType());
????????KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
????????outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
????????Enumeration enumStrs = inputKeyStore.aliases();
????????while (enumStrs.hasMoreElements()){
????????????String keyAlias = enumStrs.nextElement();
????????????System.out.println("alias=[" + keyAlias + "]");
????????????if (inputKeyStore.isKeyEntry(keyAlias)) {
????????????????Key key = inputKeyStore.getKey(keyAlias, nPassword);
????????????????Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
????????????????outputKeyStore.setKeyEntry(CERT_ALIAS, key, KEYSTORE_PASSWORD.toCharArray(), certChain);
????????????}
????????????}
????????FileOutputStream out = new FileOutputStream(OUTPUT_KEYSTORE_FILE);
????????outputKeyStore.store(out, nPassword); out.close();
????????}
????}
? ? 3.將p12證書格式轉換為 keystore文件格式
? ? ? ? 打開CMD窗口
? ??????keytool -importkeystore -v -srckeystore 你的證書.p12 -srcstoretype pkcs12 -srcstorepass 你的證書密碼 -destkeystore 你的證書.keystore -deststoretype jks -deststorepass 你的證書密碼
三、Jetty配置
? ? 1.運行java -jar ..\jetty-distribution-9.2.5.v20141112\start.jar --add-to-start=https
????????????java -jar ..\jetty-distribution-9.2.5.v20141112\start.jar --add-to-start=ssl
? ? 2.將證書放置在jetty的etc/cert中
? ? 3.打開start.ini
? ? ? ? 發現已經有https和SSL兩個模塊
# --------------------------------------- #Module: ssl
--module=ssl
### SSL Keystore Configuration
# define the port to use for secure redirection
jetty.secure.port=8999? #安全端口自己配置
## Setup a demonstration keystore and truststore
jetty.keystore=etc/cert/ 你的證書.keystore
jetty.truststore=etc/cert/你的證書.keystore
## Set the demonstration passwords.
## Note that OBF passwords are not secure, just protected from casual observation
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
jetty.keystore.password= 你的證書密碼
jetty.keymanager.password= 你的證書密碼
jetty.truststore.password= 你的證書密碼
### Set the client auth behavior
## Set to true if client certificate authentication is required
# jetty.ssl.needClientAuth=true
## Set to true if client certificate authentication is desired
# jetty.ssl.wantClientAuth=true
## Parameters to control the number and priority of acceptors and selectors
# ssl.selectors=1
# ssl.acceptors=1
# ssl.selectorPriorityDelta=0
# ssl.acceptorPriorityDelta=0
# --------------------------------------- #Module: https
--module=https
## HTTPS Configuration
# HTTP port to listen on
https.port=8999? #端口與上面保持一致
# HTTPS idle timeout in milliseconds
https.timeout=30000
# HTTPS Socket.soLingerTime in seconds. (-1 to disable)
# https.soLingerTime=-1
至此,重啟服務器,HTTPS就配置成功了,可以試試看用https端口是否能夠成功訪問
