āļŠāļģāļŦāļĢāļąāļšāļ—āđˆāļēāļ™āļ—āļĩāđˆāđƒāļŠāđ‰āļ‡āļēāļ™Â Jetty Server , Base on Tomcat āļŠāļēāļĄāļēāļĢāļ–āļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āđ„āļ”āđ‰āļ”āļąāļ‡āļ™āļĩāđ‰

1. āļ—āļģāļāļēāļĢ Create Keystore 

keytool -genkey -alias {alias_name} -keyalg RSA -keysize 2048 -keystore extra_keystore.jks -storepass changeit

2. āļ—āļģāļāļēāļĢ Generate CSR

keytool -certreq -alias {alias_name} -file CSR.txt -keystore extra_keystore.jks

3. āļ—āļģāļāļēāļĢāđāļ›āļĨāļ‡ SSL Certificate (PEM) to p7b

openssl crl2pkcs7 -nocrl -certfile domain_certificate.crt -certfile CARootCertificate-ca.crt -out certificate.p7b 

4. āļ—āļģāļāļēāļĢ import p7b to keystore (jks)

keytool -import -trustcacerts -alias {alias_name} -file certificate.p7b -keystore extra_keystore.jks

5. āļ•āļĢāļ§āļˆāļŠāļ­āļšāļ„āļ§āļēāļĄāļ–āļđāļāļ•āđ‰āļ­āļ‡āļ‚āļ­āļ‡ keystore

keytool -list -v -keystore extra_keystore.jks  > output.txt
  • āļ—āļģāļāļēāļĢāļ•āļĢāļ§āļˆāļŠāļ­āļš owner ssl file (chown user:user extra_keystore.jks)
  • netstat -an | grep 8443
  • openssl s_client -connect domain.com:8443

Restart Service

  • svcadm disable jetty-prod &&  svcadm enable jetty-prod

āļĒāđ‰āļēāļĒ extra_keystore.jks āđ„āļ›āļĒāļąāļ‡āđ‚āļŸāļĨāđ€āļ”āļ­āļĢāđŒāđ‚āļ”āđ€āļĄāļ™āļ‚āļ­āļ‡āļ—āđˆāļēāļ™āđ€āļŠāđˆāļ™

  •  /opt/hris/prod/jetty/webapps

āļŦāļēāļāļ•āđ‰āļ­āļ‡āļāļēāļĢ redirect http to https āđƒāļŦāđ‰āđāļāđ‰āđ„āļ‚ āđāļĨāļ°āđ€āļžāļīāđˆāļĄ

  • nano /opt/hris/prod/jetty/webapps/ROOT/WEB-INF/web.xml
	<security-constraint>
	  <web-resource-collection>
	    <web-resource-name>Everything</web-resource-name>
	    <url-pattern>/*</url-pattern>
	  </web-resource-collection>
	  <user-data-constraint>
	    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
	  </user-data-constraint>
	</security-constraint>

āļŦāļēāļāļ•āđ‰āļ­āļ‡āļāļēāļĢāļĨāļš keystore

keytool -delete -alias {alias_name} -keystore keystore.jks -storepass {keystore_password}

āļŦāļēāļāļ•āđ‰āļ­āļ‡āļāļēāļĢ Generate OBF::Password

 java -cp /opt/jetty/jetty-distribution-latest-version/lib/jetty-util-9.4.22.v20191022.jar  org.eclipse.jetty.util.security.Password {YOUR_PASSWORD} password_to_encrypt

 

Note āļ­āļ·āđˆāļ™āđ†

  • /opt/jetty/jetty-distribution-latest-version/etc/ssl
  • /opt/hris/prod/jetty/start.d

 

āđ„āļ­āđ€āļĢāļĩāļĒāļĨāļĨāļĩāđˆāđ‚āļŪāļŠ
āļŠāļģāļŦāļĢāļąāļšāļāļēāļĢāļŠāļ™āļąāļšāļŠāļ™āļļāļ™ āđāļĨāļ°āļŠāđˆāļ§āļĒāđ€āļŦāļĨāļ·āļ­
http://www.ireallyhost.com/support

 

 

 

 

āļ‚āđ‰āļ­āļāļģāļŦāļ™āļ”āđƒāļ™āļāļēāļĢāđ€āļœāļĒāđāļžāļĢāđˆāļšāļ—āļ„āļ§āļēāļĄ āļ‚āđˆāļēāļ§āļŠāļēāļĢ
** āļšāļ—āļ„āļ§āļēāļĄāļ™āļĩāđ‰āļĄāļĩāļĨāļīāļ‚āļŠāļīāļ—āļ˜āļīāđŒ āđ„āļĄāđˆāļ­āļ™āļļāļāļēāļ•āļīāđƒāļŦāđ‰āļ„āļąāļ”āļĨāļ­āļ āļ—āļģāļ‹āđ‰āļģ āļ”āļąāļ”āđāļ›āļĨāļ‡āļāđˆāļ­āļ™āđ„āļ”āđ‰āļĢāļąāļšāļ­āļ™āļļāļāļēāļ• **
āđ‚āļ›āļĢāļ”āļĢāļ°āļšāļļāđāļŦāļĨāđˆāļ‡āļ—āļĩāđˆāļĄāļē āļšāļĢāļīāļĐāļąāļ— āđ€āļ­āđ‡āļāļ‹āđŒāļ•āļĢāđ‰āļē āļ„āļ­āļĢāđŒāļ›āļ­āđ€āļĢāļŠāļąāđˆāļ™ āļˆāļģāļāļąāļ” / https://www.ireallyhost.com
āļ—āļąāđˆāļ§āđ„āļ›
āļ„āļđāđˆāļĄāļ·āļ­ / āļ§āļīāļ˜āļĩāļāļēāļĢāļ•āļīāļ”āļ•āļąāđ‰āļ‡ SSL Certificate āļŠāļģāļŦāļĢāļąāļš cPanel Web Control Panel
āļšāļĢāļīāļāļēāļĢ SSL Certificate - āđ‚āļ”āļĒāđ„āļ­āđ€āļĢāļĩāļĒāļĨāļĨāļĩāđˆāđ‚āļŪāļŠ