Glassfish ssl installation with certbot


Problem description

I am new to glassfish and ssl. I am using an Ubuntu 14.04 server and downloaded certbot. Since glassfish server is not supported by certbot automation, I installed a certbot-auto standalone and got my new certificate files (cert1.pem chain1.pem fullchain1.pem privkey1.pem). I saw some tutorials online about installing ssl on glassfish but nothing related to certbot .pem certificates. Is there a good tutorial or instructions about installing glassfish ssl with the generated letsencrypt (.pem) certificates that I can follow?

Thanks in advance

Solution

Here is a good tutorial on Let's Encrypt, Glassfish and AWS EC2.

To highlight the key points (in case the link is not valid anymore):

It follows the certbot documentation described on their website up to

certbot certonly --manual -d example.com

Then comes the important part w.r.t. glassfish

Installing the certificate on Glassfish

Glassfish has a file called keystore.jks, where you need to add the certificate and key which were previously created. The file should be located at:

<AS_HOME>/domains/domain1/config/keystore.jks

and the default password for it is 'changeit'

Adding the two files to the keystore is a 2-step process:

Change directory to glassfish config directory

cd <AS_HOME>/domains/domain1/config/

Create a keystore from the 2 files

Create a .pkcs12 file containing full chain and private key

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12 -name letsencryptcrt

You will set a password for this file, which you will need to specify at the next step (STORE_PASS).

Convert PKCS12 to Keystore

keytool -importkeystore -deststorepass PASSWORD_STORE -destkeypass PASSWORD_KEYPASS -destkeystore letsencrypt.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass STORE_PASS -alias letsencryptcrt

I would recommend setting all these passwords (PASSWORD_STORE, PASSWORD_KEYPASS and STORE_PASS) the same as the original keystore.jks’s password since, at the next point, the passwords of the source and destination keystores have to be the same.

Import the created keystore into Glassfish’s keystore

keytool -importkeystore -srckeystore letsencrypt.jks -destkeystore keystore.jks

Of course, make sure the paths to all the referenced files are correct, taking into account the current directory, when you are running all these commands.

Configuring the Glassfish HTTPS listener

Now that everything is set up, all you need to do is log into the Glassfish Admin Console and set the appropriate HTTP Listener.

Glassfish has 3 HTTP listeners predefined, under

Configuration > server-config > HTTP Service > HTTP Listeners.

http-listener-2 is the one for HTTPS. The following 2 settings need to be done:

Set the port to 443 (HTTPS port)
In the SSL tab, set the Certificate NickName to letsencryptcrt and the Key Store to keystore.jks

Click "Save", restart the Glassfish instance and you’re done. You should now be able to access any deployed application via https://example.com/...
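The keystore steps from the answer above, as an added example that is not part of the original answer: it checks that the certificate and private key belong together before bundling them, and passes passwords through environment variables instead of command-line arguments. The function names and the variables P12_PASS and STORE_PASS are assumptions of this example, and it imports the PKCS12 bundle straight into keystore.jks rather than through an intermediate letsencrypt.jks.

```shell
#!/bin/sh
# Added example: helpers for the PEM -> PKCS12 -> keystore.jks steps.
# Passwords come from the environment variables P12_PASS and STORE_PASS
# (names chosen for this example) so they never show up in the process list.
ALIAS=letsencryptcrt

# Succeeds only if the leaf certificate in $1 carries the public key of $2.
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Builds the PKCS12 bundle $3 from full chain $1 and private key $2.
build_p12() {
    check_pair "$1" "$2" || { echo "certificate/key mismatch" >&2; return 1; }
    ( umask 077   # the bundle contains the private key
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
          -name "$ALIAS" -passout env:P12_PASS )
}

# Imports bundle $1 into the Glassfish keystore $2 under $ALIAS.
import_p12() {
    # Drop the entry left by a previous run (renewal); a missing alias is fine.
    keytool -delete -alias "$ALIAS" -keystore "$2" \
        -storepass:env STORE_PASS >/dev/null 2>&1 || true
    # Key password is kept equal to the store password, as the answer recommends.
    keytool -importkeystore -noprompt \
        -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
        -destkeystore "$2" -deststorepass:env STORE_PASS \
        -destkeypass:env STORE_PASS -srcalias "$ALIAS"
}

# Prints the entry so the alias and expiry date can be confirmed.
show_entry() {
    keytool -list -v -alias "$ALIAS" -keystore "$1" -storepass:env STORE_PASS
}
```

Source the file, export the two variables, then call build_p12 fullchain.pem privkey.pem pkcs.p12, import_p12 pkcs.p12 keystore.jks and show_entry keystore.jks from the Glassfish config directory.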
