Re: [jetty-users] jetty 7 + https ?

Hi Mark,

Which version of Jetty are you using? Are you able to access the keystore file using the relative path which you have used?

Just to tell you, I was using Jetty 7.2.2 embedded in the Equinox container. But there was a problem accessing the keystore file available in the etc folder using the relative path
  <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
The issue was reported and it was fixed in Jetty 7.3.0, and they have added a new property as highlighted below.

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="Port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="AcceptQueueSize">100</Set>
      <Set name="Keystore"><Property name="this.jetty.xml.parent.folder.url"/>/keystore</Set>
      <Set name="Password">OBF:1igd1igf1igh1idp1idr1idt</Set> <!-- abcd1234 , -storepass  keyStoreInfo.getKeyStorePassword() -->
      <Set name="KeyPassword">OBF:1igd1igf1igh1idp1idr1idt</Set> <!-- abc123 , aliaspass keyStoreInfo.getAlias_password  -->
      <Set name="truststore"><Property name="this.jetty.xml.parent.folder.url"/>/keystore</Set>
      <Set name="trustPassword">OBF:1igd1igf1igh1idp1idr1idt</Set> <!-- abcd1234 , -storepass  keyStoreInfo.getKeyStorePassword() -->
    </New>
  </Arg>
</Call>

Using the above snippet in jetty.xml, I am able to access the keystore file.

Best Regards,
Mitul

On Thu, Mar 10, 2011 at 2:07 AM, Mark Wyszomierski <markww@xxxxxxxxx> wrote:
Hi all,

Just following up, when running from localhost for development, you can use the keystore that comes with jetty, it's in the /etc folder. So you can just add the "addConnector" block directly from the walkthrough to jetty.xml as follows (but I had to change the capitalized "Port" argument and replace it with "port", and also change the connector class used to the eclipse package, not the mortbay package):

<Call name="addConnector">
  <Arg>
    <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
      <Set name="port">8443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
      <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
      <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
      <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    </New>
  </Arg>
</Call>


Thanks!


On Mon, Mar 7, 2011 at 9:32 AM, Mark Wyszomierski <markww@xxxxxxxxx> wrote:
Hi guys, thanks for your help - I think I skipped over an important point in the key generation:
  step1A:

  "The only mandatory response is to provide the fully qualified host name of the server at the 'first and last name' prompt.":
  keytool -keystore keystore -alias jetty -genkey -keyalg RSA
  Enter keystore password:  password
  What is your first and last name?
    [Unknown]:  jetty.mortbay.org

I'm running my server at localhost (for development) - what would the fully qualified host name be in this case?

Other than that, the only other part I could have gone wrong at is updating jetty.xml with the new connector definition. I've put it right below the default connector definition:

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
          <Set name="host"><SystemProperty name="jetty.host"/></Set>
          <Set name="port"><SystemProperty default="8080" name="jetty.port"/></Set>
          <Set name="maxIdleTime">300000</Set>
          <Set name="Acceptors">2</Set>
          <Set name="statsOn">false</Set>
          <Set name="confidentialPort">8443</Set>
          <Set name="lowResourcesConnections">20000</Set>
          <Set name="lowResourcesMaxIdleTime">5000</Set>
        </New>
      </Arg>
    </Call>

    <Call name="addConnector">
      <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
          <Set name="port">8443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="password">mypassword</Set>
          <Set name="keyPassword">mypassword</Set>
          <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="trustPassword">mypassword</Set>
        </New>
      </Arg>
    </Call>


Does that look correct?

Thanks again

On Mon, Mar 7, 2011 at 8:34 AM, Mike Pilone <MPilone@xxxxxxx> wrote:

Mark,

I'm using Jetty embedded but I was able to get SSL working with the following code. I didn't have to add any extra libs other than the maven dependencies on the normal jetty-* projects.

      // Locate the keystore on the classpath
      URL keyResource = ContainerStart.class.getResource("/config/ssl-keystore.jks");
      sLog.info(format("Loading certificate from keystore [%s].", keyResource));

      // keyPassword, sslPort and server are defined elsewhere in the application
      SslSocketConnector connector = new SslSocketConnector();
      connector.setKeyPassword(keyPassword);
      connector.setKeystore(keyResource.toString());
      connector.setMaxIdleTime(1000 * 60 * 60);
      connector.setSoLingerTime(-1);
      connector.setPort(sslPort);
      server.addConnector(connector);

-mike

* | Mike Pilone | Software Architect, Distribution | mpilone@xxxxxxx | o: 202-513-2679  m: 703-969-7493

From: jetty-users-bounces@xxxxxxxxxxx [mailto:jetty-users-bounces@xxxxxxxxxxx] On Behalf Of Mark Wyszomierski
Sent: Monday, March 07, 2011 1:38 AM
To: JETTY user mailing list
Subject: Re: [jetty-users] jetty 7 + https ?

Hi Mithul,

The jsse.jar is there, the others are not (maybe they're renamed - not sure how old that jetty documentation I referenced is?). Is there new documentation for jetty 7 on this?

I can get jetty to start up, and I can ping port 8443 ok, get a response and all. But trying to navigate to the url via a browser throws a 102 error, connection refused.

Thanks

On Mon, Mar 7, 2011 at 12:07 AM, Mitul Adhia <mituladhia19@xxxxxxxxx> wrote:

Hi Mark,

The jars are available in your JRE installation under the lib directory. Can you please check there?

Best Regards,
Mitul

On Mon, Mar 7, 2011 at 9:53 AM, Mark Wyszomierski <markww@xxxxxxxxx> wrote:

Hi,

I'm trying to set up jetty 7 for https. I've followed the instructions here:

but not sure about the line:

  "(make sure that jcert.jar, jnet.jar and jsse.jar are on your classpath)"

I'm on mac os 10.6, those jars are not present, and I don't see a place to download them. Before going further - are these instructions up to date at all? They still have the mortbay package naming, not sure if these jars are still necessary with jetty 7. I looked through the eclipse doc pages for jetty, but didn't see any updated walkthrough, thought something might be at:

no luck.

Thanks

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
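
A configuration check for the SSL connector blocks posted in this thread, as an added example (not code from the posts or from the Jetty project): it flags plaintext passwords and `OBF:` values that hide a deny-listed password. `obfuscate` is a re-implementation of Jetty's keyless `OBF:` encoding; the deny-list, the sample XML and the function names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

PASSWORD_SETTERS = {"password", "keypassword", "trustpassword"}
# Assumption: passwords that must never protect a deployed keystore. "storepwd" and
# "keypwd" guard the demo keystore shipped with Jetty; the others appear in the thread.
DENYLIST = ("storepwd", "keypwd", "password", "mypassword")
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"
# Constructed sample mixing the three password styles seen in the thread.
SAMPLE = """<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
  <Set name="keystore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set>
  <Set name="password">mypassword</Set>
  <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
  <Set name="trustPassword">OBF:1igd1igf1igh1idp1idr1idt</Set>
</New>"""

def to_base36(n):
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out

def obfuscate(plain):
    """Re-implementation of Jetty's OBF: encoding for ASCII input; it uses no key."""
    data = plain.encode("ascii")
    chunks = []
    for i, b1 in enumerate(data):
        b2 = data[len(data) - 1 - i]  # byte mirrored from the other end
        value = (127 + b1 + b2) * 256 + (127 + b1 - b2)
        chunks.append(to_base36(value).rjust(4, "0"))
    return "OBF:" + "".join(chunks)

def audit_connector(xml_text):
    # Returns (setter name, finding) for every password setter in the block.
    denied = {obfuscate(p) for p in DENYLIST}
    findings = []
    for node in ET.fromstring(xml_text).iter("Set"):
        name, value = node.get("name", ""), (node.text or "").strip()
        if name.lower() not in PASSWORD_SETTERS:
            continue
        if not value.startswith("OBF:"):
            findings.append((name, "plaintext"))        # readable by anyone with the file
        elif value in denied:
            findings.append((name, "denylisted"))       # well-known password behind OBF:
        else:
            findings.append((name, "obfuscated-only"))  # encoding only: restrict file access
    return findings

if __name__ == "__main__":
    print(audit_connector(SAMPLE))
```

Because the encoding is deterministic and keyless, every finding still means that jetty.xml and the keystore should be readable only by the account that runs Jetty.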

 

