Keystore password for Jetty 7.0 SSL configuration

Posted 2024-10-12 14:39:28 · 500 words · 1 view · 0 comments

Trying to setup SSL on jetty 7.2.2 using these instructions:
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

stuck on 3b:
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore $JETTY_HOME/etc/keystore

jetty ships with default keystore at $JETTY_HOME/etc/keystore. I'm asked for password when running that command. I don't know default keystore password.

If I try to replace that keystore with newly created one - I'm getting IOException on jetty startup - keystore is tampered with or password incorrect.

What am I doing wrong? Or what's the default jetty keystore password?

Comments (6)

亢潮 2024-10-19 14:39:28

The default password for the keystore that is shipped with jetty is storepwd. But I would highly recommend you follow the steps listed in the How to configure SSL and create your own keystore.

西瓜 2024-10-19 14:39:28

I think you just want to overwrite the keystore in etc/keystore with your new one. Then, update the Jetty conf as in Step 4. You will need to obfuscate your keystore password using the org.mortbay.jetty.security.Password class.
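
As an added illustration (not part of the original answer and not Jetty's own code): a Python sketch of the `OBF:` encoding that Jetty's Password class produces, assumed here to match the ASCII case of Jetty's implementation, with a hypothetical helper `find_default_passwords` that flags config values still equal to the defaults `storepwd` and `keypwd` named on this page. The encoding uses no key and is reversible, so an obfuscated password in the config needs the same file protection as a plain one.

```python
import re

DEFAULTS = {"storepwd", "keypwd"}  # default passwords named on this page
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"

def _base36(n):
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out.rjust(4, "0")

def obfuscate(password):
    """ASCII-only port of the OBF: encoding (assumed to match Jetty's Password class)."""
    b = password.encode("ascii")
    out = "OBF:"
    for i, b1 in enumerate(b):
        b2 = b[len(b) - 1 - i]  # byte mirrored from the other end
        out += _base36((127 + b1 + b2) * 256 + (127 + b1 - b2))
    return out

def deobfuscate(value):
    """Reverse the encoding. No key is involved, so any reader of the file can do this."""
    body = value[4:] if value.startswith("OBF:") else value
    chars = []
    for i in range(0, len(body), 4):
        i1, i2 = divmod(int(body[i:i + 4], 36), 256)
        chars.append(chr((i1 + i2 - 254) // 2))
    return "".join(chars)

def find_default_passwords(config_text):
    """Hypothetical helper: (line_no, password) for values equal to a shipped default."""
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        for token in re.findall(r">\s*([^<>\s]+)\s*<", line):
            try:
                plain = deobfuscate(token) if token.startswith("OBF:") else token
            except ValueError:
                continue  # malformed OBF value, cannot be a default
            if plain in DEFAULTS:
                hits.append((no, plain))
    return hits

# Constructed sample resembling a jetty-ssl.xml fragment (not taken from the page).
SAMPLE = "\n".join([
    '<Set name="KeyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>',
    '<Set name="KeyManagerPassword">keypwd</Set>',
    '<Set name="TrustStorePassword">' + obfuscate("Constructed-Example-1") + '</Set>',
])
print(find_default_passwords(SAMPLE))
```
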

蓬勃野心 2024-10-19 14:39:28

One more subtle step that needs to be followed.

i.e. Jetty has another file, start.ini; un-comment the jetty-ssl.xml line to make the SSL configuration active.

橘味果▽酱 2024-10-19 14:39:28

That was my bad. Didn't notice that there's jetty-ssl.xml also, that used default keystore. Moved addConnector to jetty-ssl.xml, put right passwords there, and everything works now like a charm.

暮凉 2024-10-19 14:39:28

One note, the eclipse version of jetty works a little differently http://www.eclipsezone.com/eclipse/forums/t88098.html

夏了南城 2024-10-19 14:39:28

Today with jetty 9.4.34, if you'd like to use the default keystore password storepwd and default private key password keypwd, so that you don't have to modify the config, and you have cert/key in common PEM format...

tmpcert="/tmp/certkey$RANDOM.pkcs12" ; \
openssl pkcs12 -export -inkey "key.pem" \
        -in "cert.pem" \
        -passout "pass:storepwd" \
        -out "$tmpcert" \
&& \
keytool -importkeystore \
        -srckeystore "$tmpcert" -srcstoretype PKCS12 \
        -srcstorepass storepwd \
        -destkeystore "$JETTY_BASE/etc/keystore" -deststoretype JKS \
        -deststorepass storepwd \
        -destkeypass keypwd ; \
rm "$tmpcert"

That's all you need to import to provide SSL functionality

Because of JKS there is the

Warning: The JKS keystore uses a proprietary format. It is recommended
to migrate to PKCS12 which is an industry standard format using
...

But it is the only possibility to set a different keypass like keypwd for key and storepwd for keystore.
For pkcs12 storetype this distinction is impossible (at least with keytool, there is an error on execution).

For the rest (like config modifications for own passwords, and generating own passwords) the documentation at https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html is ok.
