Re: [jetty-users] Getting SSL working

On Tue, Jan 17, 2017 at 07:27:57PM +0200, John English wrote:
> I'm a complete SSL newbie, and am trying to get things going with a free 
> certificate from Let's Encrypt. I have an old Jetty 8.1.4 setup which 
> worked fine with a self-signed certificate (yes, I know 8.1.4 is old and 
> destined for the dustbin, but please hear me out!).
> 
> What I did:
> 1. Import fullchain.pem (the all-in-one combined certificate and CA 
> chain) using the JDK keytool:
> 
> keytool -keystore keystore.test -import -alias foo.ddns.net -file /etc/letsencrypt/live/foo.ddns.net/fullchain.pem -trustcacerts
> 
> 2. Start the server:
> 
> java -jar start.jar OPTIONS=Server etc/jetty.xml
> 
> Jetty.xml sets up HTTP on port 8080 and HTTPS on port 9443. I can 
> connect to port 8080 via HTTP, but using Firefox to connect to HTTPS on 
> port 9443 gives the error message "Secure connection failed: the 
> connection to foo.ddns.net was interrupted while the page was loading. 
> The page you are trying to view cannot be shown because the authenticity 
> of the received data could not be verified." This tells me nothing about 
> the problem.

'Authenticity' implies trusting the issuer of your server's certificate.

Is your server providing the certificate you expect?

  openssl s_client -connect foo.ddns.net:9443 < /dev/null >& out.pem

You can use openssl tools to shake out what's going on.

If your server is not serving the certificate you expect, then you
indeed have a jetty config problem.

If your server is indeed serving the certificate you expect, then
your config is OK, but now you get to track down what your SSL issue
is, and that's not specific to jetty.


-- 
Brian Reichert				<reichert@xxxxxxxxxxx>
BSD admin/developer at large	
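
Added example, not part of the original message: one way to answer "is the server providing the certificate you expect?" from the saved `s_client` output, by hashing the first certificate it contains and the first certificate in the file you meant to deploy. The function names, sample file names and sample contents are hypothetical and constructed here; it assumes `awk`, `base64` and `sha256sum` are available.

```shell
#!/bin/sh
# Added example, not from the thread: classify saved `openssl s_client` output
# against the certificate file you meant to deploy.

# Print the first PEM certificate block in a file, skipping other text.
first_cert() {
    awk '/^-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         p && /^-----END CERTIFICATE-----/ { exit }' "$1"
}

# SHA-256 of that block's DER bytes; prints nothing if no block is present.
cert_sha256() {
    pem=$(first_cert "$1")
    [ -n "$pem" ] || return 0
    printf '%s\n' "$pem" | grep -v '^-----' | tr -d ' \r\n' |
        base64 -d | sha256sum | cut -d' ' -f1
}

# $1 = saved s_client output, $2 = expected PEM with the leaf first.
check_served() {
    served=$(cert_sha256 "$1")
    expected=$(cert_sha256 "$2")
    if [ -z "$expected" ]; then echo "no-expected-certificate"
    elif [ -z "$served" ]; then echo "no-certificate-served"
    elif [ "$served" = "$expected" ]; then echo "match"
    else echo "mismatch"
    fi
}

# Constructed samples: the base64 bodies are placeholder bytes, not real
# certificates, and the surrounding text only imitates s_client output.
make_samples() {
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    leaf='bGVhZi1jZXJ0LXBsYWNlaG9sZGVy'
    issuer='aXNzdWVyLWNlcnQtcGxhY2Vob2xkZXI='
    old='c2VsZi1zaWduZWQtcGxhY2Vob2xkZXI='
    printf '%s\n' "$b" "$leaf" "$e" "$b" "$issuer" "$e" > "$1/fullchain.pem"
    printf '%s\n' 'CONNECTED(00000003)' '---' 'Server certificate' \
        "$b" "$leaf" "$e" '---' > "$1/served-new.txt"
    printf '%s\n' 'CONNECTED(00000003)' '---' 'Server certificate' \
        "$b" "$old" "$e" '---' > "$1/served-old.txt"
    printf '%s\n' 'CONNECTED(00000003)' \
        'no peer certificate available' > "$1/served-none.txt"
}
```

Against a live server, `check_served out.pem /etc/letsencrypt/live/foo.ddns.net/fullchain.pem` applies the same comparison to the file written by the command in the message above.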

