Re: [jetty-users] ssl setup

["Mehta, Miten" <Miten.Mehta@xxxxxxxxxxxxxxxxx>]

Hi,

 

I also get following alert page from mozilla.

 

 

 

---

From: jetty-users-bounces@xxxxxxxxxxx [mailto:jetty-users-bounces@xxxxxxxxxxx] On Behalf Of Mehta, Miten (IM Technology)
Sent: Monday, January 17, 2011 6:18 PM
To: JETTY user mailing list
Subject: Re: [jetty-users] ssl setup

Hi,

I also added the certificate in firefox under "Advanced\View Certificates\Servers".

Regards,

Miten Mehta
Morgan Stanley | Technology
Block B2, Nirlon Knowledge Park
S T Yadav Rd, Goregaon East
Mumbai 400063
Phone: +91 22 6138-5645
Miten.Mehta@xxxxxxxxxxxxxxxxx

On Mon, Jan 17, 2011 at 6:15 PM, Miten Mehta <mitenm@xxxxxxxxxxxxxxxxx> wrote:

Hi,

I have c:\working\mykeystore\.jetty_keystore in which I created and imported certificate using openssl and commands from
http://www.cafesoft.com/products/cams/ps/docs30/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
http://docs.codehaus.org/display/JETTY/How+to+configure+SSL

The keystore imported pkcs12 as entry with alias 1 so I changed it to alias jetty.  I am trying clear text passwords but I am just doing things locally on pc.

The keystore is only keystore I have setup and I have jetty-ssl.xml as below:
<Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <Set name="Port">8443</Set>
    <Set name="maxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="AcceptQueueSize">100</Set>
    <Set name="Keystore">C:/working/mykeystore/.jetty_keystore</Set>
    <Set name="Password">storePass123</Set>
    <Set name="KeyPassword">password</Set>
        <Set name="truststore">C:/working/mykeystore/.jetty_keystore</Set>
        <Set name="trustPassword">storePass123</Set>
      </New>
    </Arg>
  </Call>


is it a problem that both keystore and truststore are same ?

I get below in jetty logs:

2011-01-17 17:57:54.500:INFO::Started SslSelectChannelConnector@0.0.0.0:8443
2011-01-17 17:57:54.500:DBUG::STARTED SslSelectChannelConnector@0.0.0.0:8443
org.eclipse.jetty.server.Server@9e5c73 STOPPED
 +-DebugHandler@4fc156 started
    +-HandlerCollection@1a06e38 started
       +-ContextHandlerCollection@2200d5 started
       +-DefaultHandler@64ab4d started

2011-01-17 17:57:54.500:DBUG::STARTED org.eclipse.jetty.server.Server@9e5c73
2011-01-17 17:57:54.921:DBUG::loaded class org.eclipse.jetty.io.nio.SelectorManager$SelectSet$2 from ContextLoader@Test WebApp([file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/classes/, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-client-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-continuation-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-http-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-io-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-servlets-7.1.4.v20100610.jar, file:/C:/Documents%20and%20Settings/mitenm/Local%20Settings/Temp/Jetty_0_0_0_0_8080_test.war____.hcx133/webapp/WEB-INF/lib/jetty-util-7.1.4.v20100610.jar]) / StartLoader[file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/com.sun.el_1.0.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/ecj-3.6RC4.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.el_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/javax.servlet.jsp.jstl_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/jetty-jsp-2.1-7.1.4.v20100610.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.jasper.glassfish_2.1.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/lib/jsp/org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar, file:/I%3a/learn/java/jetty-distribution-7.1.4.v20100610/resources/]
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:2856]
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-17 18:00:17.908:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:00:17.955:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1419
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1419/1419
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-17 18:00:18.048:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-17 18:00:18.095:WARN::javax.net.ssl.SSLException: Received fatal alert: unknown_ca
2011-01-17 18:00:18.095:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:00:18.095:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:00:18.095:DBUG::EOF org.eclipse.jetty.io.EofException
2011-01-17 18:00:55.096:DBUG::org.eclipse.jetty.io.nio.SelectorManager$SelectSet@bd09e8 JVM BUG(s) - cancelled keys 1 times
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] channel=java.nio.channels.SocketChannel[connected local=/127.0.0.1:8443 remote=/127.0.0.1:2884]
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 158
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.818:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap unwrap Status = OK HandshakeStatus = NEED_TASK|bytesConsumed = 158 bytesProduced = 0
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] fill wrap Status = OK HandshakeStatus = NEED_UNWRAP|bytesConsumed = 0 bytesProduced = 1419
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] Flushed 1419/1419
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 0
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled 7
2011-01-17 18:05:24.833:DBUG:org.eclipse.jetty.http.ssl:[Session-1, SSL_NULL_WITH_NULL_NULL] unwrap filled -1
2011-01-17 18:05:24.833:WARN::javax.net.ssl.SSLException: Received fatal alert: access_denied
2011-01-17 18:05:24.833:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: access_denied
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:05:24.833:INFO::EXCEPTION
javax.net.ssl.SSLException: Received fatal alert: access_denied
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1401)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1369)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1535)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:995)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:815)
    at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:691)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.unwrap(SslSelectChannelEndPoint.java:684)
    at org.eclipse.jetty.io.nio.SslSelectChannelEndPoint.fill(SslSelectChannelEndPoint.java:298)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:289)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
    at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:489)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
    at java.lang.Thread.run(Thread.java:619)
2011-01-17 18:05:24.833:DBUG::EOF org.eclipse.jetty.io.EofException


Regards,

Miten

---

NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers. If you cannot access these links, please notify us by reply message and we will send the contents to you. By messaging with Morgan Stanley you consent to the foregoing.