一、验证resin是否支持openssl,只要看启动日志就知道了。是否包含openssl
resin本身调用jni,如果编译后添加支持,可以优化resin性能,所以我编译的参数加了jni
Using Resin(R) Open Source under the GNU Public License (GPL). See http://www.caucho.com for information on Resin Professional, including caching, clustering, JNI acceleration, and OpenSSL integration.
二、需要openssl,resin 本身需要编译支持openssl
yum install openssl openssl-devel -y cd resin-4.0.44 ./configure --prefix=/usr/local/resin4.0.44 --enable-64bit --enable-ssl --with-openssl=/usr/ make make install
三、编写env.sh
每个项目都可以有自己的env,这样服务器可以有多个Java版本,多个resin
JAVA_HOME=/usr/java/jdk1.6.0_33 PATH=$JAVA_HOME/bin:$PATH export JAVA_HOME PATH RESIN_HOME=/usr/local/resin4.0.44 export RESIN_HOME SERVER_ROOT=/home/项目名 LD_LIBRARY_PATH=$RESIN_HOME/lib #LD_LIBRARY_PATH=$SERVER_ROOT/etc CLASSPATH=$LD_LIBRARY_PATH:$CLASSPATH export SERVER_ROOT LD_LIBRARY_PATH CLASSPATH ## for linux #LANG=en_US.iso88591 LANG=zh_CN.gbk export LANG
四、删除多余的配置文件
删除cluster-default.xml health.xml 这都是pro版才有的功能
五、上传证书
将生成的csr key或者jks证书上传到 resin/keys 目录下,keys目录如果没有就自己建个
六、修改resin.xml
<http port="443"> <openssl> <certificate-key-file>keys/your_domain.key</certificate-key-file> <certificate-file>keys/your_domain.crt</certificate-file> <certificate-chain-file>keys/chain.txt</certificate-chain-file> <password>test123</password> <protocol>-sslv3</protocol> </openssl> </http>
jks
<http port="8443"> <jsse-ssl> <key-store-type>jks</key-store-type> <key-store-file>keys/server.keystore</key-store-file> <password>changeit</password> </jsse-ssl> </http> </server-default>
七、或者不动resin.xml,修改resin.properties
# OpenSSL certificate configuration # Keys are typically stored in the resin configuration directory. # openssl_file : keys/test.crt # openssl_key : keys/test.key # openssl_password : changeme # openssl_protocols : -sslv2 -sslv3 # JSSE certificate configuration # Keys are typically stored in the resin configuration directory. # jsse_keystore_type : jks # jsse_keystore_file : /usr/local/resin4/keys/server.keystore # jsse_keystore_password : changeme
八、问题
如果遇到如下问题,就是你的证书没有密码或者你密码写错了
jks证书报错:
Keystore was tampered with, or passwordwas incorrect
openssl证书报错
java.lang.ClassNotFoundException: com.caucho.vfs.OpenSSLFactory
转载于:https://blog.51cto.com/foxhound/1693132