Have you faced issues when you have to quickly enable SSL and you got stuck with it :-(
Use same port as ssl.ini file.
You are not alone, i will share my pain and some learning.
I will share steps to enable SSL on jetty.
Warning: Use below instruction only for dev setup and for production contact your security expert !
- Install jetty on your server
- Setup some env variable for convenience like
export jetty_home=.../somejetty
export jetty_base = .../your_application_install_location
It is recommended to keep jetty base out side of jetty installation otherwise you will have classpath nightmare
- Execute below command to create initial setup for SSL
java -jar $jetty_home/start.jar --add-to-startd=ssl jetty.base=$jetty_base
Once you run above command you will see something like below on console.
- Add below line ${jetty.base}/start.d/ssl.ini
Check ssl port(jetty.ssl.port) and change it accordingly
- Add below line in ${jetty.base}/start.ini
Use same port as ssl.ini file.
- Start the server
You are done :-) Jetty starts on ssl .
Magic Questions
- Which certificate is used by jetty ?
That is the magic, jetty ships with certificate that is already imported in keystore that jetty is using.
Jetty looks for keystore in $jetty_base/etc/keystore location.
- What is password of keystore
Key store password is $jetty_base/start.d/ssl.ini , but it is encrypted. You can use below command to get the password.
java -cp jetty-util-9.2.14.v20151106.jar org.eclipse.jetty.util.security.Password "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"
it is "storepwd"
- How to see what is in key store ? run the below command and enter password
keytool --list -v -keystore keystore
- What is password of keystore
Key store password is $jetty_base/start.d/ssl.ini , but it is encrypted. You can use below command to get the password.
java -cp jetty-util-9.2.14.v20151106.jar org.eclipse.jetty.util.security.Password "OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"
it is "storepwd"
- How to see what is in key store ? run the below command and enter password
keytool --list -v -keystore keystore
If jetty gives some error like password is wrong or tampered then copy the keystore from $jetty_home/etc/keystore to $jetty_base/etc
It takes only 5 minutes to perform all the steps but only if you know otherwise it is day long frustration. Enjoy development with jetty.
