Jetty 7.0 SSL 配置的密钥库密码
尝试使用以下说明在 jetty 7.2.2 上设置 SSL: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL< /a>
卡在 3b 上: keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore $JETTY_HOME/etc/keystore
jetty 附带位于 $JETTY_HOME/etc/keystore
的默认密钥库。运行该命令时要求我输入密码。我不知道默认密钥库密码。
如果我尝试用新创建的密钥库替换该密钥库 - 我在码头启动时收到 IOException - 密钥库被篡改或密码不正确。
我做错了什么?或者默认密钥库码头密码是什么?
Trying to setup SSL on jetty 7.2.2 using these instructions:
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
stuck on 3b:keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore $JETTY_HOME/etc/keystore
jetty ships with default keystore at $JETTY_HOME/etc/keystore
. I'm asked for password when running that command. I don't know default keystore password.
If I try to replace that keystore with newly created one - I'm getting IOException on jetty startup - keystore is tampered with or password incorrect.
What I'm doing wrong? Or what's default keystore jetty password?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
jetty 附带的密钥库的默认密码是
storepwd
。但我强烈建议您按照 如何配置 SSL 并创建您自己的密钥库。The default password for the keystore that is shipped with jetty is
storepwd
. But I would highly recommend you follow the steps listed in the How to configure SSL and create your own keystore.我认为您只想用新密钥覆盖 etc/keystore 中的密钥库。然后,按照步骤 4 更新 Jetty 配置。您需要使用 org.mortbay.jetty.security.Password 类来混淆您的密钥库密码。
I think you just want to overwrite the keystore in etc/keystore with your new one. Then, update the Jetty conf as in Step 4. You will need to obfuscate your keystore password using the
org.mortbay.jetty.security.Password
class.还需要遵循一个更微妙的步骤。
即 Jetty 有另一个文件 start.ini,取消注释 jetty-ssl.xml 行以使 SSL 配置处于活动状态。
One more subtle steps that needs to be followed .
i.e Jetty has another file start.ini, un-comment jetty-ssl.xml line to make the SSL configuration active.
那是我的错。没有注意到还有 jetty-ssl.xml,它使用默认密钥库。将 addConnector 移至 jetty-ssl.xml,并在其中输入正确的密码,现在一切正常。
That was my bad. Didn't notice that there's jetty-ssl.xml also, that used default keystore. Moved addConnector to jetty-ssl.xml, put right passwords there, and everything works now like a charm.
需要注意的是,jetty 的 eclipse 版本的工作方式略有不同 http://www.eclipsezone.com /eclipse/forums/t88098.html
One note, the eclipse version of jetty works a little differently http://www.eclipsezone.com/eclipse/forums/t88098.html
今天使用 jetty 9.4.34,您希望使用默认密钥库密码
storepwd
和默认私钥密码keypwd
,这样您就不会不必修改配置,并且您拥有通用 PEM 格式的证书/密钥...这就是您需要导入以提供 SSL 功能的全部内容
因为 JKS 有这
但是这是唯一可以设置不同的密钥密码的方法,例如为密钥设置
keypwd
,为密钥库设置storepwd
.对于 pkcs12 存储类型,这种区别是不可能的(至少对于 keytool,执行时会出错)。
对于其余部分(例如修改自己的密码的配置以及生成自己的密码),请参阅 https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html 就可以了。
Today with jetty 9.4.34 and you'd like to use the default keystore password
storepwd
and default private key passwordkeypwd
, so that you don't have to modify the config, and you have cert/key in common PEM format...That's all you need to import to provide SSL functionality
Because of JKS there is the
But it is the only possibility to set a different keypass like
keypwd
for key andstorepwd
for keystore.For pkcs12 storetype this distinction is impossible (at least with keytool, there is an error on execution).
For the rest (like config modifications for own passwords, and generating own passwords) the documentation at https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html is ok.