tianshibaijia

Configuring mutual (two-way) SSL on Jetty 7

 
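Create the client PKCS12 certificate as described in the article on configuring mutual SSL for Tomcat 7. (Self-signed certificate.)
Import the certificates into the trust store: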
keytool -keystore truststore -keypass 123456 -storepass 123456 -alias ca -import -trustcacerts -file ca-cert.pem
keytool -keystore truststore -keypass 123456 -storepass 123456 -alias client -import -trustcacerts -file client-cert.pem


Import the client.p12 certificate (which contains the private key) into the client browser.




Server certificate
See http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
keytool -keystore keystore -alias jetty -genkey -keyalg RSA


Configuration in jetty-ssl.xml:
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Set name="Port">8443</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="AcceptQueueSize">100</Set>
<Set name="Keystore"><Property name="jetty.home" default="." />/etc/ssl/keystore</Set>
<Set name="Password">123456</Set>
<Set name="KeyPassword">123456</Set>
<Set name="truststore"><Property name="jetty.home" default="." />/etc/ssl/truststore</Set>
<Set name="trustPassword">123456</Set>

<Set name="needClientAuth">true</Set>
<Set name="truststoreType">JKS</Set>
<Set name="keystoreType">JKS</Set>
<Set name="includeCipherSuites">
<Array type="java.lang.String">
<Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
<Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</Item>
</Array>
</Set>

</New>
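
A check that needClientAuth is actually enforced, as an added example that is not part of the original post: it connects to the connector on port 8443 once with client.p12 and once with no client certificate. The class name, the host localhost, and passing the client.p12 password as the first argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// Added example: the connector must accept client.p12 and refuse a client with no certificate.
public class MutualTlsProbe {
    static KeyStore load(String path, String type, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }
    // True only if the handshake completes and the server answers a request.
    // The read matters: under TLS 1.3 a refused client certificate surfaces
    // on the first read, not in startHandshake().
    static boolean probe(String host, int port, KeyManager[] kms, KeyStore trust) {
        try {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trust);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kms, tmf.getTrustManagers(), null);
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
                s.setSoTimeout(5000);
                s.startHandshake();
                s.getOutputStream().write("GET / HTTP/1.0\r\n\r\n".getBytes("US-ASCII"));
                s.getOutputStream().flush();
                return s.getInputStream().read() != -1;
            }
        } catch (Exception e) {
            System.out.println("  " + e);
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        // Assumptions: run in the directory holding the page's "keystore" (password
        // 123456, as in jetty-ssl.xml) and client.p12; args[0] is the client.p12
        // password, which the page does not give. The server keystore is reused
        // here as the client's trust anchor for the self-signed server certificate.
        char[] p12Pw = args[0].toCharArray();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client.p12", "PKCS12", p12Pw), p12Pw);
        KeyStore trust = load("keystore", "JKS", "123456".toCharArray());
        boolean withCert = probe("localhost", 8443, kmf.getKeyManagers(), trust);
        boolean noCert = probe("localhost", 8443, new KeyManager[0], trust);
        System.out.println("with client.p12: " + (withCert ? "accepted" : "refused"));
        System.out.println("no client cert:  " + (noCert ? "accepted" : "refused"));
        System.exit(withCert && !noCert ? 0 : 1); // 0 = needClientAuth is enforced
    }
}
```

Run it on a JDK that still enables a protocol version and cipher suite the Jetty 7 connector offers; otherwise both probes fail for a reason unrelated to client authentication.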