If you are using Embedded Jetty, make sure you are using the
SslContextFactory.Server for your server, and not the generic
SslContextFactory.
Example:
    Server server = new Server();
    // Use the server-side factory, not the generic SslContextFactory
    SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
    // KEYSTORE_1 is the path to the keystore file
    sslContextFactory.setKeyStorePath(KEYSTORE_1);
    sslContextFactory.setKeyStorePassword("storepwd");
    sslContextFactory.setKeyStoreType("JKS");
    sslContextFactory.setKeyStoreProvider(null);
    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    // TLS connector: SSL connection factory wrapping HTTP/1.1
    ServerConnector connector = new ServerConnector(server,
        new SslConnectionFactory(sslContextFactory,
            HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(httpsConfig));
    server.addConnector(connector);
If you are using the jetty-home artifact then check any custom XML you have
in your jetty-base directory that is setting up a SslContextFactory to
ensure it's using the appropriate side (Client vs Server) and not the
generic one.
Joakim Erdfelt / [email protected]
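
The jetty-base XML check suggested above, as an added shell example (not part of the original message and not Jetty project code). The function name is hypothetical, and it assumes the factory is declared with a class="..." attribute, with the nested classes written as SslContextFactory$Server and SslContextFactory$Client.

```shell
#!/bin/sh
# Added example: audit Jetty XML for the SslContextFactory flavour in use.
# Prints one line per reference, prefixed GENERIC, SERVER or CLIENT, and
# returns 1 if any generic reference is found (0 otherwise).
audit_sslcontextfactory() {
    base=${1:-.}   # assumption: path to your jetty-base directory
    report=$(
        # /dev/null forces grep to print file names even for a single file.
        find "$base" -type f -name '*.xml' -exec grep -n -E \
            'class[[:space:]]*=[[:space:]]*["'\'']org\.eclipse\.jetty\.util\.ssl\.SslContextFactory' \
            /dev/null {} + |
        while IFS= read -r hit; do
            case $hit in
                *'SslContextFactory$Server'*) echo "SERVER  $hit" ;;
                *'SslContextFactory$Client'*) echo "CLIENT  $hit" ;;
                *)                            echo "GENERIC $hit" ;;
            esac
        done
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    # Any GENERIC line means a factory that still needs a side chosen.
    if printf '%s\n' "$report" | grep -q '^GENERIC '; then
        return 1
    fi
    return 0
}

# Run against a directory only when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_sslcontextfactory "$1"
fi
```

Each GENERIC line gives the file and line number of a declaration to switch to the Server or Client class.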
On Sat, Sep 14, 2019 at 9:34 PM Sonali Dasgupta <
[email protected]> wrote:
> Please note that keystores which worked without SAN in Jetty 9.4.8 now
> give "No subject alternative name" errors on running the applications on
> Jetty 9.4.18. Does that not signify that SANs are compulsory with Jetty
> 9.4.18? Also, these keystores already have CN.
>
> Would appreciate a more detailed explanation on this issue from the
> Jetty developers. Also, the error seems fully related to Jetty, since it
> stems from Jetty SSL Context.
>
> Thanks
>
> On Sun, 15 Sep, 2019, 3:38 AM Simone Bordet, <[email protected]> wrote:
>
>> Hi,
>>
>> On Sat, Sep 14, 2019 at 7:05 PM Sonali Dasgupta
>> <[email protected]> wrote:
>> >
>> > Are Subject Alternative Names (SANs) in keystores compulsory while
>> > configuring SSL over Jetty server (version 9.4.18)?
>>
>> No.
>>
>> > Is there a property which, on being set, allows SSL configuration
>> > without SANs in the keystore?
>>
>> I don't understand this, and it has nothing to do with Jetty how you
>> set up your keystore.
>> If you don't want to use SAN, you just use the CN (perhaps with a wild
>> domain) and you're good to go.
>>
>> > Facing critical issues hence help will be appreciated.
>>
>> If you need critical support for Jetty, you can look up commercial
>> support from Webtide: https://webtide.com.
>>
>> --
>> Simone Bordet
>> ----
>> http://cometd.org
>> http://webtide.com
>> Developer advice, training, services and support
>> from the Jetty & CometD experts.
>> _______________________________________________
>> jetty-users mailing list
>> [email protected]
>> To change your delivery options, retrieve your password, or unsubscribe
>> from this list, visit
>> https://www.eclipse.org/mailman/listinfo/jetty-users
>>