在Undertow中启用HTTPS [英] Enabling HTTPS in Undertow

问题描述

我们有一个有效的Apache mod_ssl配置。我想为Undertow启用HTTPS支持，以便它同时监听http和https，从而避免了对Apache的需求。

We have a working Apache mod_ssl configuration. I want to enable HTTPS support for Undertow, so that it listens for both http and https, thus obviating the need for Apache.

我查看了Undertow的javadoc。 Undertow.Builder类有两个带有以下签名的addHttpsListener方法：

I've looked into Undertow's javadocs. The Undertow.Builder class has two addHttpsListener methods with the following signatures:

   public Builder addHttpsListener(int port, String host, 
       KeyManager[] keyManagers, TrustManager[] trustManagers);
   public Builder addHttpsListener(int port, String host,
       SSLContext sslContext) {

所以我似乎可以在使用Builder API引导Undertow时使用这些，例如

So it seems I can use these when bootstrapping Undertow using the Builder API, e.g.

Undertow server = Undertow.builder()
                    .addHttpsListener(8443, "localhost", sslContext)
                    .build();

我不确定如何创建SSLContext变量，或者如何配置KeyManagers和TrustManagers。
拥有mod_ssl正在使用的证书文件，如何继续为Undertow启用HTTPS？

I'm not sure though how to create the SSLContext variable, or how to configure KeyManagers and TrustManagers. Having the certificate files that are in use by mod_ssl, how can I proceed then with enabling HTTPS for Undertow?

更新：

根据hwellmann的回答，我重复使用 SslContextFactory.createSslContext（）方法。在此之前，我必须将我的公钥/私钥对转换为PKCS12格式并将其导入Java密钥库。

Per hwellmann's answer, I've reused SslContextFactory.createSslContext() method. Before that, I had to convert my public/private key pair into PKCS12 format and import that into Java keystore.

提供SSL转换转换/导入命令（取自< a href =https://cheapsslsecurity.com/blog/various-types-ssl-commands-keytool/\"rel =nofollow>这里和这里）希望这些对任何人都有用：

Giving the SSL conversion conversion/import commands (taken from here and here) below, hopefully these will be useful to anyone:

# Convert to PKCS12    
$ openssl pkcs12 -export -out output_cert.pfx -inkey input_cert.key -in input_cert.crt -certfile intermediate.crt

# Import into Java keystore
$ keytool -v -importkeystore -srckeystore output_cert.pfx -srcstoretype PKCS12 -destkeystore output_store.jks -deststoretype JKS

推荐答案

这不是特定于Undertow的，它只是构建SSL的问题来自密钥库的上下文证书。

This is not really Undertow-specific, it's just a question of building an SSL context from a keystore with a certificate.

参见 SslContextFactory.java 与Undertow一起使用的示例。

See SslContextFactory.java for an example used with Undertow.

这篇关于在Undertow中启用HTTPS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！