Installing an HTTPS Certificate in Jetty


Deployment environment:

CentOS 6, Jetty 9, JDK 1.7

The certificate is provided by a third-party organization.

1. Modify etc/jetty-https.xml

Change

<Set name="port"><Property name="https.port" default="443"/></Set>

to

<Set name="port"><Property name="https.port" default="8443"/></Set>

2. Modify start.ini

Change

jetty.dump.stop=false

to

jetty.dump.stop=
etc/jetty-ssl.xml
etc/jetty-https.xml

3. Restart the Jetty service.

When you access https://localhost, a message that the certificate is not trusted indicates that the service started successfully.


Certificate creation:

1. Generate the keystore file

keytool -genkey -alias jetty -keyalg RSA -keysize 2048 -keystore mykeystore

For example:

Enter keystore password: 123456
What is your first and last name?
[Unknown]: www.baidu.com
What is the name of your organizational unit?
[Unknown]: it
What is the name of your organization?
[Unknown]: xxxx
What is the name of your City or Locality?
[Unknown]: Shanghai
What is the name of your State or Province?
[Unknown]: Shanghai
What is the two-letter country code for this unit?
[Unknown]: CN
Is CN=Xu yahe, OU=Tianhe, O=Tianhe Co., Ltd., L=Nanjing, ST=Jiangsu, C=CN correct?
[no]: Y

Enter key password for <xahca>
(RETURN if same as keystore password):


2. Generate the CSR file

keytool -certreq -alias jetty -keystore mykeystore -file certreq.csr

3. Submit the CSR to the certificate authority to obtain the intermediate certificate and the server certificate.

Save them as zhongji.cer and server.cer.

4. Import the intermediate certificate (confirm the type of HTTPS certificate with the third-party organization, and note the alias)

keytool -import -trustcacerts -keystore mykeystore -alias zhongji -file zhongji.cer

5. Import the server certificate

keytool -import -trustcacerts -keystore mykeystore -alias jetty -file server.cer

Appendix:

Delete a certificate: keytool -delete -alias tomcat -keystore server.jks

View certificates: keytool -list -v -keystore server.jks
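Steps 1 to 5 above, run non-interactively, as an added example that is not part of the original article: `-dname` replaces the prompts, the store password is generated and passed with keytool's `:env` modifier instead of being typed as 123456, and a throwaway self-signed CA made with keytool stands in for the third-party organization. The function name `make_keystore`, the test CA and its file name `testca-keystore` are assumptions; `-genkeypair` and `-importcert` are the current names of `-genkey` and `-import`.

```shell
#!/bin/sh
# Added example (not from the article). make_keystore DIR HOSTNAME builds
# DIR/mykeystore and prints the entry type and chain length of alias "jetty".
make_keystore() (
    set -e
    dir=$1 host=$2
    cd "$dir"
    # Random password handed over through the environment, so it does not
    # appear in the process list the way "-storepass 123456" would.
    # (Throwaway keystore: the password is not kept after the function ends.)
    STOREPASS=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    export STOREPASS
    ks="-keystore mykeystore -storepass:env STOREPASS"
    ca="-keystore testca-keystore -storepass:env STOREPASS"

    # Constructed stand-in for the third-party CA (self-signed, CA:true).
    keytool -genkeypair $ca -keypass:env STOREPASS -alias zhongji -keyalg RSA \
        -keysize 2048 -dname "CN=Example Test CA" -ext bc=ca:true >/dev/null 2>&1
    keytool -exportcert $ca -alias zhongji -rfc -file zhongji.cer >/dev/null 2>&1

    # Step 1: key pair. CN must be the host name that clients connect to.
    keytool -genkeypair $ks -keypass:env STOREPASS -alias jetty -keyalg RSA \
        -keysize 2048 \
        -dname "CN=$host, OU=it, O=xxxx, L=Shanghai, ST=Shanghai, C=CN" >/dev/null 2>&1
    # Step 2: CSR for the key under alias "jetty".
    keytool -certreq $ks -alias jetty -file certreq.csr >/dev/null 2>&1
    # Step 3: the CA signs the CSR (the third party does this in the article).
    keytool -gencert $ca -alias zhongji -infile certreq.csr -outfile server.cer \
        -rfc -validity 30 -ext "san=dns:$host" >/dev/null 2>&1
    # Step 4: CA certificate first, under its own alias.
    keytool -importcert $ks -noprompt -trustcacerts -alias zhongji \
        -file zhongji.cer >/dev/null 2>&1
    # Step 5: server certificate under the SAME alias as the private key, so
    # keytool installs it as the reply and builds the chain from step 4.
    keytool -importcert $ks -noprompt -trustcacerts -alias jetty \
        -file server.cer >/dev/null 2>&1

    # A correct result is a PrivateKeyEntry whose chain includes the CA.
    keytool -J-Duser.language=en -list -v $ks -alias jetty |
        grep -E 'Entry type|chain length'
)

# Usage: sh make_keystore.sh /tmp/ks-demo www.example.test
if [ $# -eq 2 ]; then make_keystore "$1" "$2"; fi
```

If step 5 is run under a different alias than the key, the keystore ends up with a separate trustedCertEntry and the key entry keeps its self-signed certificate, which is what the `Entry type` and `chain length` lines let you check.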



In Jetty 9

1. Put the mykeystore file created above in the etc directory under the Jetty directory.

2. Modify the jetty-ssl.xml file

<Set name="KeyStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.keystore" default="etc/mykeystore"/></Set>

<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>

<Set name="KeyManagerPassword">123456</Set>

<Set name="TrustStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.truststore" default="etc/mykeystore"/></Set>

<Set name="TrustStorePassword">123456</Set>

<Set name="EndpointIdentificationAlgorithm"></Set>

The content before modification:

<Set name="KeyStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.keystore" default="etc/keystore"/></Set>

<Set name="KeyStorePassword">123456</Set>

<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>

<Set name="TrustStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.truststore" default="etc/keystore"/></Set>

<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>

<Set name="EndpointIdentificationAlgorithm"></Set>

The password is the password used when creating mykeystore.

3. Restart the Jetty server.

Access Jetty again; the request now succeeds.


Common keytool commands in the JDK

-genkey: creates a default file ".keystore" in the user's home directory and generates the alias mykey; mykey contains the user's public key, private key, and certificate.
-alias: specifies the alias to generate.
-keystore: specifies the name of the keystore (the generated information will then not be in the .keystore file).
-keyalg: specifies the key algorithm.
-validity: specifies the validity period of the created certificate.
-keysize: specifies the key length.
-storepass: specifies the password of the keystore.
-keypass: specifies the password of an alias entry.
-dname: specifies the certificate owner information, for example "CN=sagely, OU=ASD, O=szu, L=SZ, ST=Gd, C=cn".
-list: displays the certificate information in the keystore: keytool -list -v -keystore sage -storepass ....
-v: displays the certificate details in the keystore.
-export: exports the certificate specified by the alias to a file: keytool -export -alias caroot -file caroot.crt
-file: specifies the file name to export to.
-delete: deletes an entry in the keystore: keytool -delete -alias sage -keystore sage
-keypasswd: changes the password of an entry in the keystore: keytool -keypasswd -alias sage -keypass ...... -new ...... -storepass ...... -keystore sage
-import: imports the signed digital certificate into the keystore: keytool -import -alias sage -keystore sagely -file sagely.crt

After importing the signed digital certificate, keytool -list -v shows that the certification chain has clearly become longer, and it prints every CA in the chain.

This article is from the "learning online" blog, please be sure to keep this source http://fengsheng.blog.51cto.com/3324215/1532142
