Setup SSL in Jetty

Have you ever had to enable SSL quickly and got stuck with it? :-(

You are not alone. I will share my pain and some of what I learned.

Below are the steps to enable SSL on Jetty.

Warning: Use the instructions below only for a dev setup; for production, contact your security expert!

  • Install Jetty on your server
  • Set up some environment variables for convenience, for example:

export jetty_home=…/somejetty

export jetty_base=…/your_application_install_location

It is recommended to keep the Jetty base outside the Jetty installation; otherwise you will have a classpath nightmare.

  • Execute the command below to create the initial setup for SSL

java -jar $jetty_home/start.jar --add-to-startd=ssl jetty.base=$jetty_base

Once you run the above command, you will see something like the following on the console.

  
INFO: ssl             initialised in ${jetty.base}/start.d/ssl.ini (created)

INFO: ssl             enabled in     /data/segmentation/segplat-deployments/app/application_secure/bin/${jetty.base}/start.d/ssl.ini

INFO: server          initialised in ${jetty.base}/start.ini

INFO: server          enabled in     ${jetty.base}/start.ini

INFO: server          enabled in     <transitive>

INFO: resources       initialised in ${jetty.base}/start.ini

INFO: resources       enabled in     ${jetty.base}/start.ini

INFO: resources       enabled in     <transitive>

  • Add the line below to ${jetty.base}/start.d/ssl.ini

--module=https

Check the SSL port (jetty.ssl.port) and change it as needed.

  • Add the line below to ${jetty.base}/start.ini

jetty.ssl.port=port

Use the same port as in the ssl.ini file.

  • Start the server

java -jar $jetty_home/start.jar jetty.base=$jetty_base

You are done :-) Jetty starts on SSL.

Magic Questions

Which certificate is used by Jetty?

That is the magic: Jetty ships with a certificate that is already imported into the keystore that Jetty uses.

Jetty looks for the keystore at $jetty_base/etc/keystore.

What is the password of the keystore?

The keystore password is in $jetty_base/start.d/ssl.ini, but it is stored obfuscated (the OBF: prefix) rather than in plain text. You can use the command below to recover the password.

java -cp jetty-util-9.2.14.v20151106.jar org.eclipse.jetty.util.security.Password "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"

It is "storepwd".
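The OBF: form is a keyless, reversible encoding, so a config check can tell whether a Jetty base still relies on the shipped default password before it leaves dev. The Python check below is an added example, not code from the original article or from Jetty; it handles ASCII passwords only, and the property names in the sample are placeholders.

```python
import re

# Passwords treated as "shipped default". "storepwd" is the value this page
# reports for the keystore that comes with Jetty.
KNOWN_DEFAULTS = {"storepwd"}

# Any uncommented "name=OBF:..." line; the property name is not assumed.
OBF_LINE = re.compile(r"^[ \t]*([^#\s=]+)[ \t]*=[ \t]*(OBF:\S+)[ \t]*$", re.M)


def deobfuscate(value):
    """Reverse an OBF: string. No key is involved, so anyone who can read
    the file can do this. Handles ASCII passwords (4-character groups)."""
    body = value[4:] if value.startswith("OBF:") else value
    if len(body) % 4 or not re.fullmatch(r"[0-9a-z]*", body):
        raise ValueError("not a plain 4-character-group OBF string")
    out = bytearray()
    for i in range(0, len(body), 4):
        hi, lo = divmod(int(body[i:i + 4], 36), 256)
        # hi = 127 + b1 + b2 and lo = 127 + b1 - b2, so b1 = (hi + lo - 254) / 2
        out.append((hi + lo - 254) // 2)
    return out.decode("ascii")


def audit_ini(text):
    """Return [(property, verdict)] without echoing any recovered password."""
    findings = []
    for name, obf in OBF_LINE.findall(text):
        try:
            verdict = "default" if deobfuscate(obf) in KNOWN_DEFAULTS else "custom"
        except ValueError:
            verdict = "unparsed"
        findings.append((name, verdict))
    return findings


# Constructed sample: property names are placeholders, the first OBF value is
# the one printed on this page, the second was constructed for this example.
SAMPLE_INI = """\
--module=ssl
# example.commented.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
example.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
example.other.password=OBF:1rpa1rpc
"""

if __name__ == "__main__":
    for name, verdict in audit_ini(SAMPLE_INI):
        print(f"{name}: {verdict}")
```

A "default" verdict means the keystore password is the one every Jetty download shares, so the file should be treated as holding a plain-text, publicly known secret.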

How to see what is in the keystore? Run the command below and enter the password.

keytool -list -v -keystore keystore

If Jetty gives an error saying the password is wrong or the keystore was tampered with, copy the keystore from $jetty_home/etc/keystore to $jetty_base/etc.

It takes only 5 minutes to perform all the steps, but only if you know them; otherwise it is a day-long frustration. Enjoy development with Jetty.

Published on Java Code Geeks with permission by Ashkrit Sharma, partner at our JCG program. See the original article here: Setup SSL in Jetty

Opinions expressed by Java Code Geeks contributors are their own.

Ashkrit Sharma

Pragmatic software developer who loves practice that makes software development fun and likes to develop high performance & low latency system.