当前位置：首页 > news >正文

基于Jetty9的Geoserver配置https证书

news 2025/8/5 16:36:17

1.环境准备

由于Geoserver自带的jetty版本不具备https模块，所以需要下载完整版本jetty。这里需要先查看本地geoserver对应的jetty版本，进入geoserver安装目录，执行如下命令。

java -jar start.jar --version
Jetty Server Classpath:
-----------------------
Version Information on 37 entries in the classpath.
Note: order presented here is how they would appear on the classpath.changes to the --module=name command line options will be reflected here.0:      1.4.1.v201005082020 | ${jetty.base}\lib\mail\javax.mail.glassfish-1.4.1.v201005082020.jar1:                    (dir) | ${jetty.base}\resources2:                    3.1.0 | ${jetty.base}\lib\servlet-api-3.1.jar3:                 3.1.0.M0 | ${jetty.base}\lib\jetty-schemas-3.1.jar4:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-http-9.4.48.v20220622.jar5:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-server-9.4.48.v20220622.jar6:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-xml-9.4.48.v20220622.jar7:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-util-9.4.48.v20220622.jar8:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-io-9.4.48.v20220622.jar9:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-jndi-9.4.48.v20220622.jar
10:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-security-9.4.48.v20220622.jar
11:                      1.3 | ${jetty.base}\lib\transactions\javax.transaction-api-1.3.jar
12:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-servlet-9.4.48.v20220622.jar
13:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-webapp-9.4.48.v20220622.jar
14:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-plus-9.4.48.v20220622.jar
15:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-annotations-9.4.48.v20220622.jar
16:                      9.3 | ${jetty.base}\lib\annotations\asm-9.3.jar
17:                      9.3 | ${jetty.base}\lib\annotations\asm-analysis-9.3.jar
18:                      9.3 | ${jetty.base}\lib\annotations\asm-commons-9.3.jar
19:                      9.3 | ${jetty.base}\lib\annotations\asm-tree-9.3.jar
20:                    1.3.2 | ${jetty.base}\lib\annotations\javax.annotation-api-1.3.2.jar
21:    3.19.0.v20190903-0936 | ${jetty.base}\lib\apache-jsp\org.eclipse.jdt.ecj-3.19.0.jar
22:         9.4.48.v20220622 | ${jetty.base}\lib\apache-jsp\org.eclipse.jetty.apache-jsp-9.4.48.v20220622.jar
23:                   8.5.70 | ${jetty.base}\lib\apache-jsp\org.mortbay.jasper.apache-el-8.5.70.jar
24:                   8.5.70 | ${jetty.base}\lib\apache-jsp\org.mortbay.jasper.apache-jsp-8.5.70.jar
25:                    1.2.5 | ${jetty.base}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-impl-1.2.5.jar
26:                    1.2.5 | ${jetty.base}\lib\apache-jstl\org.apache.taglibs.taglibs-standard-spec-1.2.5.jar
27:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-client-9.4.48.v20220622.jar
28:         9.4.48.v20220622 | ${jetty.base}\lib\jetty-deploy-9.4.48.v20220622.jar
29:                      1.0 | ${jetty.base}\lib\websocket\javax.websocket-api-1.0.jar
30:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\javax-websocket-client-impl-9.4.48.v20220622.jar
31:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\javax-websocket-server-impl-9.4.48.v20220622.jar
32:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-api-9.4.48.v20220622.jar
33:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-client-9.4.48.v20220622.jar
34:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-common-9.4.48.v20220622.jar
35:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-server-9.4.48.v20220622.jar
36:         9.4.48.v20220622 | ${jetty.base}\lib\websocket\websocket-servlet-9.4.48.v20220622.jar

可以看到当前的jetty版本为9.4.48.v20220622,点击下载jetty。
jetty的zip包下包含如下文件：

 dir目录: C:\Users\liang\Desktop\jetty-distribution-9.4.48.v20220622
Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----          2023/9/9     12:29                bin
d-----          2023/9/9     12:29                demo-base
d-----          2023/9/9     12:29                etc
d-----          2023/9/9     12:29                lib
d-----          2023/9/9     12:29                logs
d-----          2023/9/9     12:29                modules
d-----         2022/6/21     15:53                resources
d-----          2023/9/9     12:29                webapps
------         2022/6/21     15:53          30012 license-eplv10-aslv20.html
------         2022/6/21     15:53           6262 notice.html
------         2022/6/21     15:53           1638 README.TXT
------         2022/6/21     15:53           6243 start.ini
------         2022/6/21     15:53         163553 start.jar
------         2022/6/21     15:53         553587 VERSION.txt

我们需要将etc、lib、modules三个文件夹拷贝到geoserver对应的目录中。

2. 添加https模块

进入的geoserver的目录，当前目录包含start.jar文件，执行如下命令添加https模块

java -jar start.jar --add-to-start=ssl
java -jar start.jar --add-to-start=https

查看当前jetty加载模块：

java -jar start.jar --list-modules

当然，我们也可以通过start.ini文件查看模块加载情况

# --------------------------------------- 
# Module: ssl
# Enables a TLS(SSL) Connector on the server.
# This may be used for HTTPS and/or HTTP2 by enabling
# the associated support modules.
# --------------------------------------- 
--module=ssl### TLS(SSL) Connector Configuration## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0## Connector port to listen on
jetty.ssl.port=8081
...(此处省略N行)
# --------------------------------------- 
# Module: https
# Adds HTTPS protocol support to the TLS(SSL) Connector
# --------------------------------------- 
--module=https

此时，我们是通过https访问geoserver服务，默认端口为8443。只不过浏览器会有个安全的弹出框。

3. 配置证书

Jetty 需要使用的Key文件为keystore，而各大服务商申请的Key文件一般为pem等文件。因此我们需要对其做一下转换。

3.1 将pfx格式证书转换为jks格式证书

keytool -importkeystore -srckeystore surpass.pfx -destkeystore surpass.jks -srcstoretype

3.2 将jks格式证书转换为p12格式证书

package com.surpass;import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;/*** 证书转换* @author surpassliang* @date 2023/9/9 12:45*/
public class CertConvert {// 证书格式public static final String JKS = "JKS";public static final String PKCS12 = "PKCS12";/*** 证书和路径*/public static final String KEYSTORE_PASSWORD = "123456";/*** 证书别名*/public static final String CERT_ALIAS = "client";public static void main(String[] args) {if (args.length < 2) {System.out.println("参数不足，包含输入和输出参数");}//jksString inputKeystore = args[0];//p12String outputKeystore = args[1];try (FileInputStream fis = new FileInputStream(inputKeystore);FileOutputStream out = new FileOutputStream(outputKeystore)) {KeyStore inputKeyStore = KeyStore.getInstance(JKS);char[] nPassword = KEYSTORE_PASSWORD.toCharArray();inputKeyStore.load(fis, nPassword);KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);outputKeyStore.load(null, KEYSTORE_PASSWORD.toCharArray());Enumeration<String> enumStars = inputKeyStore.aliases();while (enumStars.hasMoreElements()) {String keyAlias = enumStars.nextElement();if (inputKeyStore.isKeyEntry(keyAlias)) {Key key = inputKeyStore.getKey(keyAlias, nPassword);Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);outputKeyStore.setKeyEntry(CERT_ALIAS, key, KEYSTORE_PASSWORD.toCharArray(), certChain);}}outputKeyStore.store(out, nPassword);System.out.println("转换完成....");} catch (Exception e) {System.out.println(e.getMessage());}}
}

3.3 将p12证书格式转换为 keystore文件格式

keytool -importkeystore -v -srckeystore surpass.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore 你的证书.keystore -deststoretype jks -deststorepass 123456

3.4 将证书放到指定位置。

4. 配置证书

打开start.ini文件，找到如下位置，修改证书路径

jetty.keystore=etc/cert/ 你的证书.keystore
jetty.truststore=etc/cert/你的证书.keystore
jetty.keystore.password= 123456
jetty.keymanager.password= 123456
jetty.truststore.password= 123456