How do I generate a keystore for Play 2 Framework?

Time: 2016-02-19 15:35:08

Tags: playframework openssl playframework-2.0 ssl-certificate lets-encrypt

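I want to set up HTTPS only for my application. To do that, I am using LetsEncrypt to generate the certificate and act as my CA.

LetsEncrypt generated these files for me: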

root@myapp:/opt/letsencrypt# ll /etc/letsencrypt/live/myapp.company.coms/
total 8
drwxr-xr-x 2 root root 4096 Feb 19 15:46 ./
drwx------ 3 root root 4096 Feb 19 15:46 ../
lrwxrwxrwx 1 root root   47 Feb 19 15:46 cert.pem -> ../../archive/myapp.company.coms/cert1.pem
lrwxrwxrwx 1 root root   48 Feb 19 15:46 chain.pem -> ../../archive/myapp.company.coms/chain1.pem
lrwxrwxrwx 1 root root   52 Feb 19 15:46 fullchain.pem -> ../../archive/myapp.company.coms/fullchain1.pem
lrwxrwxrwx 1 root root   50 Feb 19 15:46 privkey.pem -> ../../archive/myapp.company.coms/privkey1.pem

Reading the Play 2 Framework documentation, they say this:

https.keyStore - The path to the keystore containing the private key and certificate, if not provided generates a keystore for you
https.keyStoreType - The key store type, defaults to JKS
https.keyStorePassword - The password, defaults to a blank password
https.keyStoreAlgorithm - The key store algorithm, defaults to the platforms default algorithm

An example of using these properties might be:

./start -Dhttps.port=9443 -Dhttps.keyStore=/path/to/keystore -Dhttps.keyStorePassword=changeme

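Now that I have the key and certificate generated by LetsEncrypt, how do I generate my keystore for use with Play 2 Framework?

1 answer:

Answer 0 (score: 0)

If you need to use the PKCS12 type (a language-neutral way to store encrypted private keys and certificates):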

openssl pkcs12 -export -in ../../archive/myapp.company.coms/fullchain1.pem \
  -inkey ../../archive/myapp.company.coms/privkey1.pem \
  -out ../../archive/myapp.company.coms/keystore.p12 \
  -CAfile ../../archive/myapp.company.coms/cert1.pem \
  -caname root

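(Enter your preferred password twice, or you can use the parameter -passout pass:your_password)

Your pkcs12 will be located here: ../../archive/myapp.company.coms/keystore.p12
Use in your application: https.keyStoreType=PKCS12

If you need JKS, then:
1. Make the pkcs12 (as described above)
2. Use: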

keytool -importkeystore -srckeystore ../../archive/myapp.company.coms/keystore.p12 \
  -srcstoretype pkcs12 \
  -destkeystore ../../archive/myapp.company.coms/cert.jks \
  -deststoretype jks

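(Enter your preferred password twice, or you can use the parameter -storepass your_password)
(Enter the password used for the pkcs12, or you can use the parameter -srcstorepass your_password)

Your jks will be located here: ../../archive/myapp.company.coms/cert.jks
Use in your application: https.keyStoreType=JKS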
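
The PKCS12 conversion from the answer above, as an added example that is not part of the original answer: it checks that the private key matches the leaf certificate before exporting, writes the keystore with owner-only permissions, and reads the password from an exported variable instead of the command line. The function names, the alias `play`, the `KEYSTORE_PASS` variable and the demo's self-signed stand-in files are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names, the alias and
# KEYSTORE_PASS are assumptions. The password comes from the exported variable
# KEYSTORE_PASS, so it is not exposed in the process list like "pass:...".
set -eu

# True only when the leaf certificate and the private key share a public key.
key_matches_cert() (   # key_matches_cert fullchain.pem privkey.pem
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# Build the PKCS12 keystore; refuse a mismatched pair; keep the file owner-only.
build_p12() (          # build_p12 fullchain.pem privkey.pem out.p12 alias
  key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; exit 1; }
  umask 077
  openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
    -out "$3" -passout env:KEYSTORE_PASS
)

# Print the subject of the leaf certificate stored in the keystore.
p12_subject() (        # p12_subject keystore.p12
  openssl pkcs12 -in "$1" -passin env:KEYSTORE_PASS -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -subject
)

# Demo on constructed input: a throwaway self-signed pair stands in for
# fullchain.pem / privkey.pem, and an unrelated key shows the rejection path.
demo() (
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
  export KEYSTORE_PASS=constructed-demo-password
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=myapp.example" \
    -keyout "$d/privkey.pem" -out "$d/fullchain.pem" 2>/dev/null
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$d/other.pem" 2>/dev/null
  build_p12 "$d/fullchain.pem" "$d/privkey.pem" "$d/keystore.p12" play
  p12_subject "$d/keystore.p12"
  build_p12 "$d/fullchain.pem" "$d/other.pem" "$d/bad.p12" play 2>/dev/null ||
    echo "mismatch rejected"
)

# Run the demo only when asked: sh script.sh demo
[ "${1:-}" != demo ] || demo
```

With real Let's Encrypt files, export KEYSTORE_PASS, call build_p12 with the fullchain.pem and privkey.pem paths, and start Play with https.keyStoreType=PKCS12 and the same password.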