Setup SSL in Jetty
Have you ever had to enable SSL quickly and got stuck with it? :-(
You are not alone; I will share my pain and some lessons learned.
These are the steps to enable SSL on Jetty.
Warning: Use the instructions below only for a dev setup; for production, contact your security expert!
- Install Jetty on your server
- Set up some environment variables for convenience, like
export jetty_home=…/somejetty
export jetty_base=…/your_application_install_location
It is recommended to keep the Jetty base outside of the Jetty installation, otherwise you will have a classpath nightmare.
- Execute the command below to create the initial setup for SSL
java -jar $jetty_home/start.jar --add-to-startd=ssl jetty.base=$jetty_base
Once you run the above command you will see something like the following on the console.
INFO: ssl initialised in ${jetty.base}/start.d/ssl.ini (created)
INFO: ssl enabled in /data/segmentation/segplat-deployments/app/application_secure/bin/${jetty.base}/start.d/ssl.ini
INFO: server initialised in ${jetty.base}/start.ini
INFO: server enabled in ${jetty.base}/start.ini
INFO: server enabled in <transitive>
INFO: resources initialised in ${jetty.base}/start.ini
INFO: resources enabled in ${jetty.base}/start.ini
INFO: resources enabled in <transitive>
- Add the line below to ${jetty.base}/start.d/ssl.ini
--module=https
Check the SSL port (jetty.ssl.port) and change it accordingly.
- Add the line below to ${jetty.base}/start.ini
jetty.ssl.port=port
Use the same port as in the ssl.ini file.
- Start the server
java -jar $jetty_home/start.jar jetty.base=$jetty_base
You are done :-) Jetty starts on SSL.
Magic Questions
- Which certificate is used by Jetty?
That is the magic: Jetty ships with a certificate that is already imported into the keystore that Jetty uses.
Jetty looks for the keystore at $jetty_base/etc/keystore.
- What is the password of the keystore?
The keystore password is in $jetty_base/start.d/ssl.ini, but it is stored in obfuscated form (the OBF: prefix). You can use the command below to get the password.
java -cp jetty-util-9.2.14.v20151106.jar org.eclipse.jetty.util.security.Password "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"
It is "storepwd".
- How to see what is in the keystore? Run the command below and enter the password.
keytool -list -v -keystore keystore
If Jetty gives an error saying the password is wrong or the keystore was tampered with, copy the keystore from $jetty_home/etc/keystore to $jetty_base/etc.
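The OBF: value above is a keyless, reversible encoding, so anyone who can read ssl.ini can recover the password. The following added example (not part of the original article and not Jetty's own code) is a Python reimplementation of the decoding for ASCII passwords that flags ini properties still decoding to the stock password; the sample ini text, its property names and the second OBF value are constructed placeholders.

```python
OBF_PREFIX = "OBF:"
STOCK_PASSWORDS = {"storepwd"}  # value the page recovers from the shipped ssl.ini

def deobfuscate(value):
    """Reverse the keyless OBF: encoding (ASCII passwords only)."""
    body = value[len(OBF_PREFIX):] if value.startswith(OBF_PREFIX) else value
    # Assumption: groups starting with 'U' (non-ASCII bytes) are out of scope here.
    if len(body) % 4 or "U" in body:
        raise ValueError("unsupported OBF value")
    out = bytearray()
    for i in range(0, len(body), 4):
        hi, lo = divmod(int(body[i:i + 4], 36), 256)
        # Each group is (127 + b1 + b2) * 256 + (127 + b1 - b2), where b2 is
        # the mirrored byte of the password; solving for b1 needs no key.
        out.append((hi + lo - 254) // 2)
    return out.decode("ascii")

def audit_ini(text):
    """Return (line_no, property, finding) for every OBF: property in ini text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not value.startswith(OBF_PREFIX):
            continue
        try:
            stock = deobfuscate(value) in STOCK_PASSWORDS
        except ValueError:
            findings.append((line_no, key, "unparsed"))
            continue
        findings.append((line_no, key, "stock-password" if stock else "obfuscated-only"))
    return findings

# Constructed sample: property names are placeholders; only the first OBF value is from the page.
SAMPLE_INI = """\
# constructed ssl.ini fragment
--module=https
example.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
example.other.password=OBF:1rpa1rpc
jetty.ssl.port=8443
"""

if __name__ == "__main__":
    for finding in audit_ini(SAMPLE_INI):
        print(finding)
```

A "stock-password" finding means the keystore is still protected by the publicly known default; "obfuscated-only" means the password differs but remains recoverable by anyone with read access to the file.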
It takes only 5 minutes to perform all the steps, but only if you know them; otherwise it is a day-long frustration. Enjoy development with Jetty.
Published on Java Code Geeks with permission by Ashkrit Sharma, partner at our JCG program. See the original article here: Setup SSL in Jetty. Opinions expressed by Java Code Geeks contributors are their own.




