Enabling HTTPS in Undertow
Question
We have a working Apache mod_ssl configuration. I want to enable HTTPS support for Undertow, so that it listens for both http and https, thus obviating the need for Apache.
I've looked into Undertow's javadocs. The Undertow.Builder class has two addHttpsListener methods with the following signatures:
public Builder addHttpsListener(int port, String host,
        KeyManager[] keyManagers, TrustManager[] trustManagers);
public Builder addHttpsListener(int port, String host,
        SSLContext sslContext);
So it seems I can use these when bootstrapping Undertow using the Builder API, e.g.
Undertow server = Undertow.builder()
        .addHttpsListener(8443, "localhost", sslContext)
        .build();
I'm not sure though how to create the SSLContext variable, or how to configure KeyManagers and TrustManagers. Having the certificate files that are in use by mod_ssl, how can I proceed then with enabling HTTPS for Undertow?
Update:
Per hwellmann's answer, I've reused the SslContextFactory.createSslContext() method. Before that, I had to convert my public/private key pair into PKCS12 format and import that into a Java keystore.
Giving the SSL conversion/import commands (taken from here (https://cheapsslsecurity.com/blog/various-types-ssl-commands-keytool/) and here) below, hopefully these will be useful to anyone:
# Convert to PKCS12
$ openssl pkcs12 -export -out output_cert.pfx -inkey input_cert.key -in input_cert.crt -certfile intermediate.crt
# Import into Java keystore
$ keytool -v -importkeystore -srckeystore output_cert.pfx -srcstoretype PKCS12 -destkeystore output_store.jks -deststoretype JKS
Recommended answer
This is not really Undertow-specific, it's just a question of building an SSL context from a keystore with a certificate.
See SslContextFactory.java for an example used with Undertow.
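The keystore-to-listener path the answer describes, as an added example (not code from the original post and not the SslContextFactory.java the answer refers to). It loads the PKCS12 file produced by the question's openssl command directly, since the JVM reads PKCS12 keystores without a JKS conversion. The class name, the KEYSTORE_PASSWORD environment variable, the plain-HTTP port 8080 and the response text are assumptions.

```java
import io.undertow.Undertow;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;

// Added example with a hypothetical class name; not the project's own code.
public class HttpsUndertow {

    // Build an SSLContext whose server identity is the key pair in a PKCS12 file.
    static SSLContext sslContextFrom(String p12Path, char[] password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            keyStore.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        SSLContext context = SSLContext.getInstance("TLS");
        // null trust managers and SecureRandom select the JVM defaults; custom
        // trust managers matter only if the server verifies client certificates.
        context.init(kmf.getKeyManagers(), null, null);
        return context;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the export password is supplied through a KEYSTORE_PASSWORD
        // environment variable (hypothetical name) instead of being hardcoded.
        String env = System.getenv("KEYSTORE_PASSWORD");
        if (env == null) {
            throw new IllegalStateException("KEYSTORE_PASSWORD is not set");
        }
        SSLContext sslContext = sslContextFrom("output_cert.pfx", env.toCharArray());

        // Port 8443 is from the question; 8080 for plain HTTP is an assumption.
        Undertow server = Undertow.builder()
                .addHttpListener(8080, "localhost")
                .addHttpsListener(8443, "localhost", sslContext)
                .setHandler(exchange -> exchange.getResponseSender().send("Hello over TLS"))
                .build();
        server.start();
    }
}
```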