Hi all,

Just following up, when running from localhost for development, you can use
the keystore that comes with jetty, it's in the /etc folder. So you can just
add the "addConnector" block directly from the walkthrough to jetty.xml as
follows (but I had to change the capitalized "Port" argument and replace it
with "port", and also change the connector class used to the eclipse
package, not the mortbay package):

   <Call name="addConnector">
     <Arg>
       <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
         <Set name="port">8443</Set>
         <Set name="maxIdleTime">30000</Set>
         <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
         <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
         <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
         <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
         <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
       </New>
     </Arg>
   </Call>


Thanks!

On Mon, Mar 7, 2011 at 9:32 AM, Mark Wyszomierski <[email protected]> wrote:

> Hi guys, thanks for your help - I think I skipped over an important point
> in the key generation:
>
>   http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
>   step1A:
>
>   "The only mandatory response is to provide the fully qualified host name
> of the server at the 'first and last name' prompt.":
>
>   keytool -keystore keystore -alias jetty -genkey -keyalg RSA
>   Enter keystore password:  password
>   What is your first and last name?
>     [Unknown]:  jetty.mortbay.org
>
>
> I'm running my server at localhost (for development) - what would the fully
> qualified host name be in this case?
>
> Other than that, the only other part I could have gone wrong at is updating
> jetty.xml with the new connector definition. I've put it right below the
> default connector definition:
>
>     <Call name="addConnector">
>       <Arg>
>         <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
>           <Set name="host"><SystemProperty name="jetty.host"/></Set>
>           <Set name="port"><SystemProperty default="8080" name="jetty.port"/></Set>
>           <Set name="maxIdleTime">300000</Set>
>           <Set name="Acceptors">2</Set>
>           <Set name="statsOn">false</Set>
>           <Set name="confidentialPort">8443</Set>
>           <Set name="lowResourcesConnections">20000</Set>
>           <Set name="lowResourcesMaxIdleTime">5000</Set>
>         </New>
>       </Arg>
>     </Call>
>
>     <Call name="addConnector">
>       <Arg>
>         <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>           <Set name="port">8443</Set>
>           <Set name="maxIdleTime">30000</Set>
>           <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
>           <Set name="password">mypassword</Set>
>           <Set name="keyPassword">mypassword</Set>
>           <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
>           <Set name="trustPassword">mypassword</Set>
>         </New>
>       </Arg>
>     </Call>
>
> Does that look correct?
>
> Thanks again
>
> On Mon, Mar 7, 2011 at 8:34 AM, Mike Pilone <[email protected]> wrote:
>
>>  Mark,
>>
>>
>>
>> I'm using Jetty embedded but I was able to get SSL working with the
>> following code. I didn't have to add any extra libs other than the maven
>> dependencies on the normal jetty-* projects.
>>
>>
>>
>>       URL keyResource = ContainerStart.class.getResource("/config/ssl-keystore.jks");
>>       sLog.info(format("Loading certificate from keystore [%s].", keyResource));
>>
>>       SslSocketConnector connector = new SslSocketConnector();
>>       connector.setKeyPassword(keyPassword);
>>       connector.setKeystore(keyResource.toString());
>>       connector.setMaxIdleTime(1000 * 60 * 60);
>>       connector.setSoLingerTime(-1);
>>       connector.setPort(sslPort);
>>       server.addConnector(connector);
>>
>>
>>
>> -mike
>>
>>
>>
>> Mike Pilone | Software Architect, Distribution |
>> [email protected] | o: 202-513-2679  m: 703-969-7493
>>
>>
>>
>> *From:* [email protected] [mailto:
>> [email protected]] *On Behalf Of *Mark Wyszomierski
>> *Sent:* Monday, March 07, 2011 1:38 AM
>> *To:* JETTY user mailing list
>> *Subject:* Re: [jetty-users] jetty 7 + https ?
>>
>>
>>
>> Hi Mithul,
>>
>>
>>
>> The jsse.jar is there, the others are not (maybe they're renamed - not
>> sure how old that jetty documentation I referenced is?). Is there new
>> documentation for jetty 7 on this?
>>
>>
>>
>> I can get jetty to start up, and I can ping port 8443 ok, get a response
>> and all. But trying to navigate to the url via a browser throws a 102 error,
>> connection refused.
>>
>>
>>
>> Thanks
>>
>>
>>
>> On Mon, Mar 7, 2011 at 12:07 AM, Mitul Adhia <[email protected]>
>> wrote:
>>
>> Hi Mark,
>>
>>
>>
>> The jars are available in your JRE installation under the lib directory. Can
>> you please check there?
>>
>>
>>
>> Best Regards,
>>
>> Mitul
>>
>>
>>
>> On Mon, Mar 7, 2011 at 9:53 AM, Mark Wyszomierski <[email protected]>
>> wrote:
>>
>>  Hi,
>>
>>
>>
>> I'm trying to set up jetty 7 for https. I've followed the instructions
>> here:
>>
>>
>>
>>
>> http://docs.codehaus.org/display/JETTY/How+to+configure+SSL#HowtoconfigureSSL-step4
>>
>>
>>
>> but not sure about the line:
>>
>>
>>
>>   "(make sure that jcert.jar, jnet.jar and jsse.jar are on your
>> classpath)"
>>
>>
>>
>> I'm on mac os 10.6, those jars are not present, and I don't see a place to
>> download them. Before going further - are these instructions up to date at
>> all? They still have the mortbay package naming, not sure if these jars are
>> still necessary with jetty 7. I looked through the eclipse doc pages for
>> jetty, but didn't see any updated walkthrough, thought something might be
>> at:
>>
>>
>>
>>   http://wiki.eclipse.org/Jetty/Howto#Security
>>
>>
>>
>> no luck.
>>
>>
>>
>> Thanks
>>
>>
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [email protected]
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
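
Added example, not part of the original thread and not Jetty's own code: the `OBF:` values in the connector block at the top of this message are a keyless, reversible encoding, and the two shown there decode to the passwords of the keystore that comes with Jetty. The Python sketch below audits a connector fragment for plaintext and bundled-keystore passwords; `audit_connector`, `SAMPLE` and the finding strings are names chosen here, and the sample XML is constructed from values quoted in the thread.

```python
import xml.etree.ElementTree as ET

PASSWORD_FIELDS = {"password", "keyPassword", "trustPassword"}
# What the two OBF: strings quoted in the thread decode to (see deobfuscate()).
BUNDLED_PASSWORDS = {"storepwd", "keypwd"}

# Constructed sample: the thread's connector block, with one plaintext value
# ("mypassword") taken from the quoted earlier attempt.
SAMPLE = """
<Call name="addConnector"><Arg>
  <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <Set name="port">8443</Set>
    <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
    <Set name="trustPassword">mypassword</Set>
  </New>
</Arg></Call>
"""

def deobfuscate(value):
    """Reverse Jetty's OBF: encoding. No key is involved, so it is not encryption."""
    s = value[4:] if value.startswith("OBF:") else value
    out, i = bytearray(), 0
    while i < len(s):
        if s[i] == "U":            # non-ASCII byte: 'U' + 4 base-36 digits
            out.append(int(s[i + 1:i + 5], 36) >> 8)
            i += 5
        else:                      # ASCII byte: 4 base-36 digits
            n = int(s[i:i + 4], 36)
            out.append((n // 256 + n % 256 - 254) // 2)
            i += 4
    return out.decode("utf-8")

def audit_connector(xml_text):
    """Map each password setting in a jetty.xml fragment to a finding."""
    findings = {}
    for node in ET.fromstring(xml_text).iter("Set"):
        name, value = node.get("name"), (node.text or "").strip()
        if name not in PASSWORD_FIELDS:
            continue
        if not value.startswith("OBF:"):
            findings[name] = "plaintext"
        elif deobfuscate(value) in BUNDLED_PASSWORDS:
            findings[name] = "bundled-keystore password, development only"
        else:
            findings[name] = "obfuscated, reversible: restrict file access"
    return findings

if __name__ == "__main__":
    for field, finding in audit_connector(SAMPLE).items():
        print(f"{field}: {finding}")
```

Any finding other than an empty result on a non-development host means the keystore or its passwords should be replaced and the file's permissions tightened.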
