一、验证resin是否支持openssl,只要看启动日志就知道了。是否包含openssl
resin本身调用jni,如果编译后添加支持,可以优化resin性能,所以我编译的参数加了jni
1
2
3
|
Using Resin(R) Open Source under the GNU Public License (GPL).
See http:
//www
.caucho.com
for
information on Resin Professional,
including caching, clustering, JNI acceleration, and OpenSSL integration.
|
二、需要openssl,resin 本身需要编译支持openssl
1
2
3
4
5
|
yum
install
openssl openssl-devel -y
cd
resin-4.0.44
.
/configure
--prefix=
/usr/local/resin4
.0.44 --
enable
-64bit --
enable
-ssl --with-openssl=
/usr/
make
make
install
|
三、编写env.sh
每个项目都可以有自己的env,这样服务器可以有多个Java版本,多个resin
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
JAVA_HOME=
/usr/java/jdk1
.6.0_33
PATH=$JAVA_HOME
/bin
:$PATH
export
JAVA_HOME PATH
RESIN_HOME=
/usr/local/resin4
.0.44
export
RESIN_HOME
SERVER_ROOT=
/home/
项目名
LD_LIBRARY_PATH=$RESIN_HOME
/lib
#LD_LIBRARY_PATH=$SERVER_ROOT/etc
CLASSPATH=$LD_LIBRARY_PATH:$CLASSPATH
export
SERVER_ROOT LD_LIBRARY_PATH CLASSPATH
## for linux
#LANG=en_US.iso88591
LANG=zh_CN.gbk
export
LANG
|
四、删除多余的配置文件
删除cluster-default.xml health.xml 这都是pro版才有的功能
五、上传证书
将生成的csr key或者jks证书上传到 resin/keys 目录下,keys目录如果没有就自己建个
六、修改resin.xml
1
2
3
4
5
6
7
8
9
|
<http port=
"443"
>
<openssl>
<certificate-key-
file
>keys
/your_domain
.key<
/certificate-key-file
>
<certificate-
file
>keys
/your_domain
.crt<
/certificate-file
>
<certificate-chain-
file
>keys
/chain
.txt<
/certificate-chain-file
>
<password>test123<
/password
>
<protocol>-sslv3<
/protocol
>
<
/openssl
>
<
/http
>
|
jks
1
2
3
4
5
6
7
8
9
|
<http port=
"8443"
>
<jsse-ssl>
<key-store-
type
>jks<
/key-store-type
>
<key-store-
file
>keys
/server
.keystore<
/key-store-file
>
<password>changeit<
/password
>
<
/jsse-ssl
>
<
/http
>
<
/server-default
>
|
七、或者不动resin.xml,修改resin.properties
1
2
3
4
5
6
7
8
9
10
11
12
|
# OpenSSL certificate configuration
# Keys are typically stored in the resin configuration directory.
# openssl_file : keys/test.crt
# openssl_key : keys/test.key
# openssl_password : changeme
# openssl_protocols : -sslv2 -sslv3
# JSSE certificate configuration
# Keys are typically stored in the resin configuration directory.
# jsse_keystore_type : jks
# jsse_keystore_file : /usr/local/resin4/keys/server.keystore
# jsse_keystore_password : changeme
|
八、问题
如果遇到如下问题,就是你的证书没有密码或者你密码写错了
jks证书报错:
1
|
Keystore was tampered with, or passwordwas incorrect
|
openssl证书报错
1
|
java.lang.ClassNotFoundException: com.caucho.vfs.OpenSSLFactory
|
战狐