Have you ever had to enable SSL quickly and got stuck with it? :-(
You are not alone. I will share my pain and some learnings.
Here are the steps to enable SSL on Jetty.
Warning: Use the instructions below only for a dev setup; for production, contact your security expert!
- Install Jetty on your server
- Set up some environment variables for convenience, like
export jetty_home=.../somejetty
export jetty_base=.../your_application_install_location
It is recommended to keep the Jetty base outside of the Jetty installation, otherwise you will have a classpath nightmare.
- Execute the command below to create the initial setup for SSL
java -jar $jetty_home/start.jar --add-to-startd=ssl jetty.base=$jetty_base
Once you run the above command, you will see something like the output below on the console.
INFO: ssl initialised in ${jetty.base}/start.d/ssl.ini (created)
INFO: ssl enabled in /data/segmentation/segplat-deployments/app/application_secure/bin/${jetty.base}/start.d/ssl.ini
INFO: server initialised in ${jetty.base}/start.ini
INFO: server enabled in ${jetty.base}/start.ini
INFO: server enabled in <transitive>
INFO: resources initialised in ${jetty.base}/start.ini
INFO: resources enabled in ${jetty.base}/start.ini
INFO: resources enabled in <transitive>
- Add the line below to ${jetty.base}/start.d/ssl.ini
Check the SSL port (jetty.ssl.port) and change it accordingly.
- Add the line below to ${jetty.base}/start.ini
Use the same port as in the ssl.ini file.
- Start the server
You are done :-) Jetty starts on SSL.
Magic Questions
- Which certificate is used by Jetty?
That is the magic: Jetty ships with a certificate that is already imported into the keystore that Jetty uses.
Jetty looks for the keystore at the $jetty_base/etc/keystore location.
- What is the password of the keystore?
The keystore password is in $jetty_base/start.d/ssl.ini, but it is stored in obfuscated form (the OBF: prefix). You can use the command below to get the password.
java -cp jetty-util-9.2.14.v20151106.jar org.eclipse.jetty.util.security.Password "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"
It is "storepwd".
- How to see what is in the keystore? Run the command below and enter the password.
keytool -list -v -keystore keystore
If Jetty gives an error saying the password is wrong or the keystore was tampered with, copy the keystore from $jetty_home/etc/keystore to $jetty_base/etc.
It takes only 5 minutes to perform all the steps, but only if you know them; otherwise it is a day-long frustration. Enjoy development with Jetty.
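The OBF: value in ssl.ini can be reversed without any key, which is one reason the shipped keystore is for dev setups only. The following added example (not code from the original post or from Jetty) re-implements the ASCII case of that decoding in Python and flags ini entries that still use the default password; the sample ini and its property names are constructed for illustration.

```python
import re

# Default named on this page; extend with your own known-weak values.
DEFAULT_PASSWORDS = {"storepwd"}
OBF_LINE = re.compile(r"^\s*([^#\s=]+)\s*=\s*(OBF:[0-9a-z]+)\s*$")

def deobfuscate(value):
    """Reverse Jetty's OBF: encoding (ASCII passwords only); no key is needed."""
    body = value[4:] if value.startswith("OBF:") else value
    out = bytearray()
    for i in range(0, len(body), 4):
        # Each 4-char base-36 group packs (127+b1+b2)*256 + (127+b1-b2),
        # where b2 is the mirrored byte; adding the halves recovers b1.
        hi, lo = divmod(int(body[i:i + 4], 36), 256)
        out.append((hi + lo - 254) // 2)
    return out.decode("utf-8")

def audit_ini(text):
    """Return (property, finding) for each OBF: value, without echoing secrets."""
    findings = []
    for line in text.splitlines():
        m = OBF_LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        try:
            plain = deobfuscate(value)
        except (ValueError, UnicodeDecodeError):
            findings.append((key, "undecodable"))
            continue
        verdict = "default password" if plain in DEFAULT_PASSWORDS else "recoverable secret"
        findings.append((key, verdict))
    return findings

# Constructed sample; the property names are illustrative, not Jetty's.
SAMPLE_INI = """\
# example start.d ini
example.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
example.keymanager.password=OBF:1inm1wfi1wgg1iks
example.ssl.port=8443
"""

if __name__ == "__main__":
    for prop, finding in audit_ini(SAMPLE_INI):
        print(f"{prop}: {finding}")
```

Every OBF: entry is reported as at least "recoverable secret", so file permissions on the ini matter as much as they would for a plain-text password.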