我必须在Jetty中启用SSL。我已经使用Keytool
生成了密钥库文件。我已经将此密钥工具文件包含在JETTY_BASE\etc\myKeystore
中。我在jetty-https.xml
jetty-ssl.xml
和JETTY_BASE\etc
jetty-https.xml:
<?xml version="1.0"?>
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call id="httpsConnector" name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="acceptors" type="int"><Property name="ssl.acceptors" default="-1"/></Arg>
<Arg name="selectors" type="int"><Property name="ssl.selectors" default="-1"/></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg name="next">http/1.1</Arg>
<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
</New>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="host"><Property name="jetty.host" /></Set>
<Set name="port"><Property name="https.port" default="443" /></Set>
<Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set>
<Set name="soLingerTime"><Property name="jetty.https.soLingerTime" default="-1"/></Set>
<Set name="acceptorPriorityDelta"><Property name="jetty.https.acceptorPriorityDelta" default="0"/></Set>
<Set name="acceptQueueSize"><Property name="jetty.https.acceptQueueSize" default="0"/></Set>
</New>
</Arg>
</Call>
</Configure>
jetty-ssl.xml:
<?xml version="1.0"?>
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default=""/>etc/myKeystore</Set>
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default=""/>password</Set>
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default=""/>password</Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default=""/>etc/myKeystore</Set>
<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default=""/>password</Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>
</Configure>
尽管我将密钥库文件指定为
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default=""/>etc/myKeystore</Set>
无法识别。 Jetty使用位于'JETTY_BASE / etc'中的默认'keystore'文件。如何使用生成的密钥库文件?
答案 0 :(得分:1)
在start.ini
中包含详细信息,并删除文件jetty-https.xml
和jetty-ssl.xml
。
样本start.ini
:
## Keystore file path (relative to $jetty.base)
jetty.sslContext.keyStorePath=etc/myKeystore
## Truststore file path (relative to $jetty.base)
jetty.sslContext.trustStorePath=etc/myKeystore
## Keystore password
jetty.sslContext.keyStorePassword=password
## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=
## KeyManager password
jetty.sslContext.keyManagerPassword=password
## Truststore password
jetty.sslContext.trustStorePassword=password
从Jetty文档中:[https://www.eclipse.org/jetty/documentation/9.4.x/startup-modules.html]
不建议同时使用$ {jetty.base} /start.ini文件和 $ {jetty.base} /start.d目录同时进行,这样可以 引起问题。