Jrun - 4.0

1. KeyStore 가져오기 [CSR 생성을 유서트에서 진행하신 고객님께서는 2번부터 진행하시기 바랍니다.]
[root@mail ssl]# ls
root.cer www.ucert.co.kr.cer www.ucert.co.kr.csr www.ucert.co.kr.key
[root@mail ssl]# keytool -import -alias root -keystore www.ucert.co.kr.key -trustcacerts -file root.cer
keystore 암호를 입력하십시오:

설명 : 별칭(Alias) root에 ROOT(CA)인증서 추가

[root@mail ssl]# keytool -import -alias tomcat -keystore www.ucert.co.kr.key -trustcacerts -file www.ucert.co.kr.cer
keystore 암호를 입력하십시오:
인증서 회신이 keystore에 설치 되었습니다.

설명 : 별칭(Alias) ucert에 인증서 회신

[root@mail ssl]# keytool -list -keystore www.ucert.co.kr.key
keystore 암호를 입력하십시오:

Keystore 유형: JKS
Keystore 공급자: SUN

Keystore에는 2 항목이 포함되어 있습니다.

root, 2011. 2. 18, trustedCertEntry,
인증서 지문(MD5): C0:D7:AF:89:C9:CA:75:2F:F2:12:E9:60:E7:67:3D:E1
tomcat, 2011. 2. 18, PrivateKeyEntry,
인증서 지문(MD5): F8:53:D6:B3:1B:D6:6A:F0:17:8F:BC:9E:AC:02:86:F8
[root@mail ssl]#

설명 : 인증서 확인
2. SSL 환경 설정

1) Jrun.xml 파일 수정

<!-- ================================================================== -->
<!-- This is the built-in JRun Web Server -->
<!-- ================================================================== -->
<service class="jrun.servlet.http.WebService" name="WebService">
  <attribute name="activeHandlerThreads">25</attribute>
  <attribute name="backlog">500</attribute>
  <attribute name="interface">*</attribute>
  <attribute name="keepAlive">false</attribute>
  <attribute name="maxHandlerThreads">1000</attribute>
  <attribute name="minHandlerThreads">1</attribute>
  <attribute name="port">8100</attribute>
  <attribute name="threadWaitTimeout">20</attribute>
  <attribute name="timeout">300</attribute>
</service>

<!-- Uncomment this service to use SSL with the JRun Web Server
Note that you MUST create your own keystore before using this service
-->

<service class="jrun.servlet.http.SSLService" name="SSLService">
<attribute name="port">443</attribute>
* 설명 : SSL 통신 포트
<attribute name="keyStore">{jrun.rootdir}/lib/www.ucert.co.kr.jks</attribute>
* 설명 : 인증서(KeyStore) 경로
<attribute name="keyStorePassword">ucert1234</attribute>
* 설명 : KeyStore 패스워드
<attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute>
<attribute name="socketFactoryName">jrun.servlet.http.JRunSSLServerSocketFactory</attribute>
<attribute name="deactivated">false</attribute> <attribute name="bindAddress">*</attribute>
<attribute name="interface">*</attribute> <attribute name="clientAuth">false</attribute>
* 설명 : 구문이 없을 시 추가
</service>

<!-- ========================================================================= -->
<!-- This service is for communicating with a native (IIS, Apache, Netscape) -->
<!-- web server. -->
<!-- To run this service in a secure mode via SSL, set the keyStore, -->
<!-- keyStorePassWord, trustStore and socketFactoryName attributes. -->
<!-- ========================================================================= -->
<service class="jrun.servlet.jrpp.JRunProxyService" name="ProxyService">
  <attribute name="activeHandlerThreads">25</attribute>
  <attribute name="backlog">500</attribute>
  <attribute name="deactivated">true</attribute>
  <attribute name="interface">*</attribute>
  <attribute name="maxHandlerThreads">1000</attribute>
  <attribute name="minHandlerThreads">1</attribute>
  <attribute name="port">51000</attribute>
  <attribute name="threadWaitTimeout">20</attribute>
  <attribute name="timeout">300</attribute>
<!--
  <attribute name="keyStore">{jrun.rootdir}/lib/keystore</attribute>
  <attribute name="keyStorePassword">changeit</attribute>
  <attribute name="trustStore">{jrun.rootdir}/lib/trustStore</attribute>
  <attribute name="socketFactoryName">jrun.servlet.jrpp.JRunProxySSLServerSocketFactory</attribute>
-->
</service>
3. Jrun 재기동