Configuring mutual (two-way) SSL on Jetty 7
阿新 • Published: 2019-02-16
For creating the client-side PKCS12 certificate, follow the Tomcat 7 mutual SSL post (self-signed certificates). The server side below assumes you already have ca-cert.pem, client-cert.pem and client.p12 from that procedure.
Import into the trust keystore:
keytool -keystore truststore -keypass 123456 -storepass 123456 -alias ca -import -trustcacerts -file ca-cert.pem
keytool -keystore truststore -keypass 123456 -storepass 123456 -alias client -import -trustcacerts -file client-cert.pem
When every client certificate is issued by the CA in ca-cert.pem, importing the CA certificate alone is enough: Jetty validates the client's chain up to a trusted CA. Importing an individual client certificate (second command) is only needed for a client certificate that is self-signed and not chained to an imported CA, and it has to be repeated for every such client.
Import client.p12 (it contains the client's private key) into the client's browser.
Server certificate
See http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
keytool -keystore keystore -alias jetty -genkey -keyalg RSA
keytool prompts for the distinguished name; answer "What is your first and last name?" with the hostname clients will connect to, because that CN is what the browser compares against the URL. Older keytool releases default to a 1024-bit RSA key, so pass -keysize 2048 (and -validity <days>) explicitly rather than relying on the default.
jetty-ssl.xml configuration (in the Jetty 7 distribution this <New> element sits inside <Call name="addConnector"><Arg>...</Arg></Call> of the <Configure id="Server"> block):
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
  <Set name="Port">8443</Set>
  <Set name="maxIdleTime">30000</Set>
  <Set name="Acceptors">2</Set>
  <Set name="AcceptQueueSize">100</Set>
  <Set name="Keystore"><Property name="jetty.home" default="." />/etc/ssl/keystore</Set>
  <Set name="Password">123456</Set>
  <Set name="KeyPassword">123456</Set>
  <Set name="truststore"><Property name="jetty.home" default="." />/etc/ssl/truststore</Set>
  <Set name="trustPassword">123456</Set>
  <Set name="needClientAuth">true</Set>
  <Set name="truststoreType">JKS</Set>
  <Set name="keystoreType">JKS</Set>
  <Set name="includeCipherSuites">
    <Array type="java.lang.String">
      <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
      <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
    </Array>
  </Set>
</New>
Three points to check before deploying this. needClientAuth=true is what makes the setup mutual: a handshake without an acceptable client certificate is rejected outright, whereas wantClientAuth would only ask for one and let certificate-less clients through. The cipher list still offers two 3DES suites (a 64-bit block cipher) and two TLS_RSA_* suites (static RSA key exchange, no forward secrecy); drop those four and keep the DHE AES suites. The keystore, key and truststore passwords are in clear text; Jetty also accepts OBF:, MD5: and CRYPT: values generated by its Password utility (java -cp lib/jetty-util-*.jar org.eclipse.jetty.util.security.Password 123456), which keeps the literal password out of the config file even though OBF: is reversible obfuscation rather than encryption.
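To make those checks repeatable, here is an added example (not code from the original post or from the Jetty project) that parses a connector definition like the one above and reports the settings that matter for mutual TLS: whether client authentication is actually required, whether a truststore is configured, whether the three passwords are in clear text, and which cipher suites should be removed. The finding codes, the two weak-suite rules and the helper names are this script's own; the connector XML from the post is embedded as constructed sample input.

```python
"""Audit a Jetty 7 SslSelectChannelConnector definition for mutual-TLS hygiene.

Added example, not from the original post or the Jetty project. Reads the
<New class="...SslSelectChannelConnector"> element, collects its <Set> values
and reports: client certificates not required (needClientAuth), no truststore,
passwords in clear text rather than Jetty's OBF:/MD5:/CRYPT: form, and cipher
suites that should not be offered. Finding codes are this script's own naming.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the post, in Jetty 7 XML syntax.
JETTY_SSL_XML = """\
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
  <Set name="Port">8443</Set>
  <Set name="maxIdleTime">30000</Set>
  <Set name="Acceptors">2</Set>
  <Set name="AcceptQueueSize">100</Set>
  <Set name="Keystore"><Property name="jetty.home" default="." />/etc/ssl/keystore</Set>
  <Set name="Password">123456</Set>
  <Set name="KeyPassword">123456</Set>
  <Set name="truststore"><Property name="jetty.home" default="." />/etc/ssl/truststore</Set>
  <Set name="trustPassword">123456</Set>
  <Set name="needClientAuth">true</Set>
  <Set name="truststoreType">JKS</Set>
  <Set name="keystoreType">JKS</Set>
  <Set name="includeCipherSuites">
    <Array type="java.lang.String">
      <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
      <Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
      <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
      <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
    </Array>
  </Set>
</New>
"""

OBFUSCATED_PREFIXES = ("OBF:", "MD5:", "CRYPT:")  # forms Jetty's Password class accepts
PASSWORD_SETTERS = ("password", "keypassword", "trustpassword")


def parse_connector(xml_text):
    """Map each <Set name=...> to its value (name lower-cased; <Array> -> list).

    A <Property/> placeholder contributes no text, so only the literal remainder
    is kept; Jetty prepends the property value at startup.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "New":
        raise ValueError("expected a <New> connector element")
    settings = {}
    for set_el in root.findall("Set"):
        # Jetty builds setXxx by capitalising the first letter, so the mixed
        # Keystore/truststore spelling on the page is harmless; normalise here.
        name = set_el.get("name", "").lower()
        array = set_el.find("Array")
        if array is not None:
            settings[name] = [(item.text or "").strip() for item in array.findall("Item")]
        else:
            settings[name] = "".join(set_el.itertext()).strip()
    return settings


def weak_suite_reason(suite):
    """Why a suite should not be offered here, or None if it is acceptable."""
    if "3DES" in suite:
        return "64-bit block cipher (3DES)"
    if suite.startswith(("TLS_RSA_WITH_", "SSL_RSA_WITH_")):
        return "static RSA key exchange, no forward secrecy"
    return None


def harden_cipher_suites(suites):
    """The same includeCipherSuites list with weak suites removed, order kept."""
    return [s for s in suites if weak_suite_reason(s) is None]


def audit(settings):
    """Return a list of (code, detail) findings for one connector."""
    findings = []
    if settings.get("needclientauth", "").lower() != "true":
        findings.append(("NO_CLIENT_AUTH", "needClientAuth is not true: a client certificate is not required"))
    if not settings.get("truststore"):
        findings.append(("NO_TRUSTSTORE", "no truststore: client certificates cannot be validated"))
    for key in PASSWORD_SETTERS:
        value = settings.get(key, "")
        if value and not value.startswith(OBFUSCATED_PREFIXES):
            findings.append(("CLEARTEXT_PASSWORD", f"{key} is stored in clear text"))
    for suite in settings.get("includeciphersuites", []):
        reason = weak_suite_reason(suite)
        if reason:
            findings.append(("WEAK_CIPHER", f"{suite}: {reason}"))
    return findings


if __name__ == "__main__":
    cfg = parse_connector(JETTY_SSL_XML)
    for code, detail in audit(cfg):
        print(f"{code:19} {detail}")
    print("hardened includeCipherSuites:", harden_cipher_suites(cfg["includeciphersuites"]))
```

Run against the connector above it reports three CLEARTEXT_PASSWORD findings and four WEAK_CIPHER findings (the two 3DES and the two TLS_RSA_* suites), and harden_cipher_suites() returns the four DHE AES suites that remain. Point parse_connector() at the <New> element extracted from your own jetty-ssl.xml to check a real deployment.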