First, make sure JAVA_HOME and the Resin environment are configured.

1: Configuration on Windows: edit $JAVA_HOME/jre/lib/java.security and add:

    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider

For example, with %RESIN_HOME%=D:/java/resin-2.1.4/, there is a keys directory under RESIN_HOME. Open a DOS window and run:

    D:/java/resin-2.1.4/>keytool -genkey -keyalg RSA -keystore keys/server.keystore
    输入keystore密码: changeit
    您的名字与姓氏是什么?
      [Unknown]: www.caucho.com
    您的组织单位名称是什么?
      [Unknown]: mnc corp
    您的组织名称是什么?
      [Unknown]: mnc
    您所在的城市或区域名称是什么?
      [Unknown]: beijing
    您所在的州或省份名称是什么?
      [Unknown]: bj
    该单位的两字母国家代码是什么
      [Unknown]: cn
    CN=www.caucho.com, OU=mnc corp, O=mnc, L=beijing, ST=bj, C=cn 正确吗?
      [否]: y
    输入<mykey>的主密码
      (如果和 keystore 密码相同,按回车): changeit

Then edit the configuration in resin.conf:

    <caucho.com>
    <http-server>
      .........
      <http port=8443>
        <ssl>true</ssl>
        <key-store-file>keys/server.keystore</key-store-file>
        <key-store-password>changeit</key-store-password>
      </http>

Then start Resin and browse to: https://ip:8443/xx/xx

The browser will prompt about who issued the certificate; confirm each prompt to continue.

English:
Resin's SSL support is provided by Sun's JSSE. Because of export restrictions, patents, etc., you'll need to download the JSSE distribution from Sun or get a commercial JSSE implementation. More complete JSSE installation instructions are at http://java.sun.com/products/jsse/install.html.
- First download Sun's JSSE.
- Uncompress and extract the downloaded file.
- Install the JSSE jar files: jsse.jar, jnet.jar, and jcert.jar. You can either put them into the CLASSPATH or you can put them into $JAVA_HOME/jre/lib/ext. Since you will use "keytool" with the new jars, you need to make them visible to keytool. Just adding them to resin/lib is not enough.
- Register the JSSE provider (com.sun.net.ssl.internal.ssl.Provider). Modify $JAVA_HOME/jre/lib/java.security so it contains something like:

    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider

Adding the JSSE provider allows "keytool" to create a key using the RSA algorithm.

Create a test server certificate

The server certificate is the core of SSL. It will identify your server and contain the secret key to make encryption work.
- Sun's keytool
- A self-signed certificate using open_ssl
- A test certificate from Thawte
- A production certificate from one of the certificate authorities (Verisign, Thawte, etc)
In this case, we're using Sun's keytool to generate the server certificate. Here's how:

    resin1.2.b2> mkdir keys
    resin1.2.b2> keytool -genkey -keyalg RSA -keystore keys/server.keystore
    Enter keystore password: changeit
    What is your first and last name?
      [Unknown]: www.caucho.com
    What is the name of your organizational unit?
      [Unknown]: Resin Engineering
    What is the name of your organization?
      [Unknown]: Caucho Technology, Inc.
    What is the name of your City or Locality?
      [Unknown]: San Francisco
    What is the name of your State or Province?
      [Unknown]: California
    What is the two-letter country code for this unit?
      [Unknown]: US
    Is <CN=www.caucho.com, OU=Resin Engineering, O="Caucho Technology, Inc.", L=San Francisco, ST=California, C=US> correct?
      [no]: yes
    Enter key password for <mykey>
      (RETURN if same as keystore password): changeit

Currently, the key password and the keystore password must be the same.

The Resin SSL configuration extends the http configuration with a few new elements.

    <caucho.com>
    <http-server>
      <http port=8443>
        <ssl>true</ssl>
        <key-store-file>keys/server.keystore</key-store-file>
        <key-store-password>changeit</key-store-password>
      </http>
      ...
    </http-server>
    </caucho.com>

With the above configuration, you can test SSL with https://localhost:8443. A quick test is the following JSP.

    Secure? <%= request.isSecure() %>

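Both walkthroughs leave the keystore password `changeit` in clear text in resin.conf, so the file and the keystore are worth auditing before the server leaves the test bench. The shell functions below are an added example, not part of the original article or of Resin; the function names and finding labels are constructed, and the script assumes each element's value sits on one line and that a relative key-store-file is resolved against RESIN_HOME, as in the walkthrough.

```shell
#!/bin/sh
# Added example (not from Resin): audit the SSL settings shown in resin.conf above.
# Function names and finding labels are constructed for this example.

# conf_value TAG FILE: text of the first <TAG>...</TAG> element that sits on one line.
conf_value() {
    grep -o "<$1>[^<]*</$1>" "$2" | head -n 1 |
        sed 's/<[^>]*>//g; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# loose_perms FILE: succeeds if group or others can read FILE.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# audit_resin_ssl RESIN_HOME CONF: print one finding per line; status 1 if any.
audit_resin_ssl() {
    home=$1
    conf=$2
    findings=""
    if [ "$(conf_value ssl "$conf")" != "true" ]; then
        echo "SSL_DISABLED"
        return 1
    fi
    pass=$(conf_value key-store-password "$conf")
    store=$(conf_value key-store-file "$conf")
    # changeit is the walkthrough's password and the stock JDK cacerts password.
    [ "$pass" = "changeit" ] && findings="$findings DEFAULT_PASSWORD"
    # resin.conf holds the keystore password in clear text.
    loose_perms "$conf" && findings="$findings CONF_READABLE"
    # Assumption: a relative key-store-file is relative to RESIN_HOME.
    case $store in /*) ;; *) store=$home/$store ;; esac
    if [ ! -f "$store" ]; then
        findings="$findings KEYSTORE_MISSING"
    elif loose_perms "$store"; then
        findings="$findings KEYSTORE_READABLE"
    fi
    [ -z "$findings" ] && return 0
    printf '%s\n' $findings
    return 1
}
```

Source the file and run `audit_resin_ssl "$RESIN_HOME" /path/to/resin.conf`; no output and exit status 0 means none of the four conditions was found.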
References:
http://techdoc.c-bizz.klopotek.de/resin1.2.3/ref/ssl-quick.xtp
http://209.47.15.67/resin-doc/security/ssl.xtp