• Configuring an HTTPS certificate for GeoServer on Jetty 9


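    1. Environment preparation

    The Jetty bundled with GeoServer does not include the HTTPS module, so a full Jetty distribution has to be downloaded. First check which Jetty version the local GeoServer uses: go to the GeoServer installation directory and run the following command.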

    java -jar start.jar --version
    Jetty Server Classpath:
    -----------------------
    Version Information on 37 entries in the classpath.
    Note: order presented here is how they would appear on the classpath.
          changes to the --module=name command line options will be reflected here.
     0:      1.4.1.v201005082020 | ${jetty.base}\lib\mail\javax.mail.glassfish-1.4.1.v201005082020.jar
     1:                    (dir) | ${jetty.base}\resources
     2:                    3.1.0 | ${jetty.base}\lib\servlet-api-3.1.jar
     3:                 3.1.0.M0 | ${jetty.base}\lib\jetty-schemas-3.1.jar
     4:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-http-9.4.48.v20220622.jar
     5:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-server-9.4.48.v20220622.jar
     6:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-xml-9.4.48.v20220622.jar
     7:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-util-9.4.48.v20220622.jar
     8:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-io-9.4.48.v20220622.jar
     9:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-jndi-9.4.48.v20220622.jar
    10:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-security-9.4.48.v20220622.jar
    11:                      1.3 | ${jetty.base}\lib\transactions\javax.transaction-api-1.3.jar
    12:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-servlet-9.4.48.v20220622.jar
    13:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-webapp-9.4.48.v20220622.jar
    14:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-plus-9.4.48.v20220622.jar
    15:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-annotations-9.4.48.v20220622.jar
    16:                      9.3 | ${jetty.base}\lib\annotations\asm-9.3.jar
    17:                      9.3 | ${jetty.base}\lib\annotations\asm-analysis-9.3.jar
    18:                      9.3 | ${jetty.base}\lib\annotations\asm-commons-9.3.jar
    19:                      9.3 | ${jetty.base}\lib\annotations\asm-tree-9.3.jar
    20:                    1.3.2 | ${jetty.base}\lib\annotations\javax.annotation-api-1.3.2.jar
    21:    3.19.0.v20190903-0936 | ${jetty.base}\lib\apache-jsp\org.eclipse.jdt.ecj-3.19.0.jar
    22:         9.4.48.v20220622 | ${jetty.base}\lib\apache-jsp\org.eclipse.jetty.apache-jsp-9.4.48.v20220622.jar
    23:                   8.5.70 | ${jetty.base}\lib\apache-jsp\org.mortbay.jasper.apache-el-8.5.70.jar
    24:                   8.5.70 | ${jetty.base}\lib\apache-jsp\org.mortbay.jasper.apache-jsp-8.5.70.jar
    25:                    1.2.5 | ${jetty.base}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-impl-1.2.5.jar
    26:                    1.2.5 | ${jetty.base}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-spec-1.2.5.jar
    27:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-client-9.4.48.v20220622.jar
    28:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-deploy-9.4.48.v20220622.jar
    29:                      1.0 | ${jetty.base}\lib\websocket\javax.websocket-api-1.0.jar
    30:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\javax-websocket-client-impl-9.4.48.v20220622.jar
    31:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\javax-websocket-server-impl-9.4.48.v20220622.jar
    32:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-api-9.4.48.v20220622.jar
    33:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-client-9.4.48.v20220622.jar
    34:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-common-9.4.48.v20220622.jar
    35:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-server-9.4.48.v20220622.jar
    36:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-servlet-9.4.48.v20220622.jar
    

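    The output shows that the current Jetty version is 9.4.48.v20220622; download the Jetty distribution of that same version.
    The Jetty zip package contains the following files: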

     dir
        目录: C:\Users\liang\Desktop\jetty-distribution-9.4.48.v20220622
    Mode                 LastWriteTime         Length Name
    ----                 -------------         ------ ----
    d-----          2023/9/9     12:29                bin
    d-----          2023/9/9     12:29                demo-base
    d-----          2023/9/9     12:29                etc
    d-----          2023/9/9     12:29                lib
    d-----          2023/9/9     12:29                logs
    d-----          2023/9/9     12:29                modules
    d-----         2022/6/21     15:53                resources
    d-----          2023/9/9     12:29                webapps
    ------         2022/6/21     15:53          30012 license-eplv10-aslv20.html
    ------         2022/6/21     15:53           6262 notice.html
    ------         2022/6/21     15:53           1638 README.TXT
    ------         2022/6/21     15:53           6243 start.ini
    ------         2022/6/21     15:53         163553 start.jar
    ------         2022/6/21     15:53         553587 VERSION.txt
    

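    The three folders etc, lib and modules need to be copied into the corresponding GeoServer directory.

    2. Add the HTTPS module

    Go to the GeoServer directory that contains start.jar and run the following commands to add the HTTPS module: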

    java -jar start.jar --add-to-start=ssl
    java -jar start.jar --add-to-start=https
    

    List the modules Jetty currently loads:

    java -jar start.jar --list-modules 
    

    The loaded modules can of course also be checked in the start.ini file:

    # --------------------------------------- 
    # Module: ssl
    # Enables a TLS(SSL) Connector on the server.
    # This may be used for HTTPS and/or HTTP2 by enabling
    # the associated support modules.
    # --------------------------------------- 
    --module=ssl
    
    ### TLS(SSL) Connector Configuration
    
    ## Connector host/address to bind to
    # jetty.ssl.host=0.0.0.0
    
    ## Connector port to listen on
    jetty.ssl.port=8081
    ...(N lines omitted here)
    # --------------------------------------- 
    # Module: https
    # Adds HTTPS protocol support to the TLS(SSL) Connector
    # --------------------------------------- 
    --module=https
    

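    At this point the GeoServer service can already be reached over HTTPS. The default port is 8443 (the start.ini excerpt above sets jetty.ssl.port=8081, which overrides the default). The browser will show a security warning, though, since no trusted certificate has been configured yet.

    3. Configure the certificate

    Jetty expects its key material in a keystore file, whereas the key files issued by most certificate providers are usually PEM or similar files, so they have to be converted.

    3.1 Convert the pfx certificate to a jks certificate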

    keytool -importkeystore -srckeystore surpass.pfx -destkeystore surpass.jks -srcstoretype PKCS12 -deststoretype JKS
    

    3.2 Convert the jks certificate to a p12 certificate

    package com.surpass;
    
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.util.Enumeration;
    
    /**
     * Certificate conversion (JKS keystore to PKCS12 keystore)
     * @author surpassliang
     * @date 2023/9/9 12:45
     */
    public class CertConvert {
        // Keystore formats
    
        public static final String JKS = "JKS";
    
        public static final String PKCS12 = "PKCS12";
    
        /**
         * Keystore password (sample value; also used as the password of each key entry)
         */
    
        public static final String KEYSTORE_PASSWORD = "123456";
    
        /**
         * Certificate alias
         */
        public static final String CERT_ALIAS = "client";
    
        public static void main(String[] args) {
            if (args.length < 2) {
                System.out.println("参数不足,包含输入和输出参数");
                // Stop here; otherwise args[0] below throws ArrayIndexOutOfBoundsException
                return;
            }
            // Input keystore (jks)
            String inputKeystore = args[0];
            // Output keystore (p12)
            String outputKeystore = args[1];
            try (FileInputStream fis = new FileInputStream(inputKeystore);
                 FileOutputStream out = new FileOutputStream(outputKeystore)) {
                // Load the source JKS keystore
                KeyStore inputKeyStore = KeyStore.getInstance(JKS);
                char[] nPassword = KEYSTORE_PASSWORD.toCharArray();
                inputKeyStore.load(fis, nPassword);
                // Create an empty PKCS12 keystore
                KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
                outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());
                Enumeration<String> enumStars = inputKeyStore.aliases();
                while (enumStars.hasMoreElements()) {
                    String keyAlias = enumStars.nextElement();
                    // Copy private-key entries only; trusted-certificate entries are skipped
                    if (inputKeyStore.isKeyEntry(keyAlias)) {
                        Key key = inputKeyStore.getKey(keyAlias, nPassword);
                        Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                        // Every key entry is written under CERT_ALIAS, so with several
                        // key entries in the source only the last one is kept
                        outputKeyStore.setKeyEntry(CERT_ALIAS, key, KEYSTORE_PASSWORD.toCharArray(), certChain);
                    }
                }
                outputKeyStore.store(out, nPassword);
                System.out.println("转换完成....");
            } catch (Exception e) {
                System.out.println(e.getMessage());
            }
        }
    }
    

    3.3 Convert the p12 certificate to a keystore file (你的证书.keystore is a placeholder for the name of your own keystore file)

    keytool -importkeystore -v -srckeystore surpass.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore 你的证书.keystore -deststoretype jks -deststorepass 123456
    

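    3.4 Put the certificate in the designated location.

    4. Configure the certificate

    Open the start.ini file, find the following entries and change the certificate path: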

    jetty.keystore=etc/cert/你的证书.keystore
    jetty.truststore=etc/cert/你的证书.keystore
    jetty.keystore.password=123456
    jetty.keymanager.password=123456
    jetty.truststore.password=123456
    

    5. Restart the service for the configuration to take effect.
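
A check that can be run on start.ini before the restart, added here as an example (not code from the original article): it flags stray whitespace in the step 4 values and keystore passwords that are stored in plain text or are weak, such as 123456. The sample file content, the file name geoserver.keystore, the deny-list and the 12-character minimum are constructed assumptions; OBF: is the prefix of Jetty's obfuscated password form.

```python
import re

# Constructed sample: the step 4 entries as they might appear in start.ini,
# including stray spaces after "=" and "/" that are easy to paste in.
SAMPLE_START_INI = """\
--module=ssl
jetty.ssl.port=8081
# jetty.ssl.host=0.0.0.0
jetty.keystore=etc/cert/ geoserver.keystore
jetty.truststore=etc/cert/geoserver.keystore
jetty.keystore.password= 123456
jetty.keymanager.password=OBF:constructed-placeholder
jetty.truststore.password=changeit
"""

# Assumptions of this example: a tiny deny-list and a 12-character minimum.
COMMON_PASSWORDS = {"123456", "changeit", "password", "storepwd", "secret"}
MIN_LENGTH = 12
# Whitespace at the start of a value or directly after a path separator.
STRAY_SPACE = re.compile(r"^\s|[/\\]\s")


def parse_properties(text):
    """Yield (line_no, key, raw_value) for active key=value lines."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(("#", "--")) or "=" not in line:
            continue  # blank line, comment, or a --module style option
        key, raw_value = line.split("=", 1)
        yield line_no, key, raw_value


def audit(text):
    """Return (line_no, key, finding) tuples for risky TLS settings."""
    findings = []
    for line_no, key, raw in parse_properties(text):
        name, value = key.strip(), raw.strip()
        if name != key or STRAY_SPACE.search(raw):
            findings.append((line_no, name, "stray-whitespace"))
        if not name.lower().endswith("password"):
            continue
        if value.startswith("OBF:"):
            continue  # obfuscated (reversible, not encrypted), so not judged here
        findings.append((line_no, name, "plaintext-secret"))
        if value in COMMON_PASSWORDS or len(value) < MIN_LENGTH:
            findings.append((line_no, name, "weak-secret"))
    return findings


if __name__ == "__main__":
    for line_no, name, finding in audit(SAMPLE_START_INI):
        print(f"start.ini:{line_no}: {name}: {finding}")
```

Because an OBF: value is only obfuscated, start.ini and the keystore file still need restrictive file permissions either way.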

  • Original article: https://blog.csdn.net/oYinHeZhiGuang/article/details/132775991