Standard Java Keystore. On the Java side you (typically) have the keytool (that manages the Java keystore). On the Certificate side you have countless tools that exist for your OS to create/adapt/convert/edit/list/etc the Certificates. If you get your certificates from a CA (Certificate Authority) you'll need these tools to setup things in a way that's suitable for the Java keytool. You'll need both sides (one to make the certificates, the other to create the keystore from the certificates).
It would be best for you to understand the absolute basics of Certificates, and Certificate chains, as this will come up super often when you are working with TLS. Lots of books and documentation online for all of this. Go forth and google. Joakim Erdfelt / joa...@webtide.com On Fri, May 13, 2022 at 3:11 PM Esquivel, Vince <esquiv...@uhd.edu> wrote: > Thank you Joakim for the great information. I do happen to be using Java > 11 on RHEL 8 because the Shibboleth IDP application requires it. So, I am > not sure what I will have to look out for, since I am using Java 11. > > > > > > Thanks > > > > Vince > > > > *From:* jetty-users <jetty-users-boun...@eclipse.org> *On Behalf Of *Joakim > Erdfelt > *Sent:* Friday, May 13, 2022 2:02 PM > *To:* JETTY user mailing list <jetty-users@eclipse.org> > *Subject:* Re: [jetty-users] Jetty 10 SSL configuration > > > > Hoo boy, this is a HUGE topic, and is not suitable for email. > > > > The basics, > > For server side TLS (this is what it's called now, SSL is dead, long live > TLS), you'll need ... > > > > * A Java keystore (required) > > * A Java truststore (optional, you don't have to create one, you can even > just use the built in defaults) > > * A Jetty configuration to find the keystore file (this is the > SslContextFactory.Server) > > * A Jetty configuration for your connector (the thing that accepts > connections) > > * A Jetty configuration to find the specific details in the keystore that > you want to use for that connector. > > > > For the Java keystore, you'll want PKCS12 format, and the techniques to > get your certificates into that keystore are documented all over the > internet. > > Just pick documentation that suits your version of Java and OS best. (so > don't pick documentation talking about Java 7 on Windows if you are using > Java 11 on Linux, as the tools you will use will be different). > > > > Once you have this keystore file setup with your certificates you'll need > to setup the configurations on Jetty side (listed above). > > You'll need to know things like the keystore passwords and any aliases > within the keystore you might have configured, etc. > > Then you'll optionally have to setup permissions on your OS to allow Jetty > to bind to port 443. (do yourself a favor and use 8443 while testing, make > sure it works on that port first, then worry about the OS permissions issue > when you switch to port 443). > > > > Joakim Erdfelt / joa...@webtide.com > > > > > > On Thu, May 12, 2022 at 4:17 PM Esquivel, Vince <esquiv...@uhd.edu> wrote: > > Thanks Joakim for the info, I have looked through that but still a little > foggy about it all. You are correct, I meant to say port 443 and not 80. > > > > Vince > > > > *From:* jetty-users <jetty-users-boun...@eclipse.org> *On Behalf Of *Joakim > Erdfelt > *Sent:* Thursday, May 12, 2022 4:07 PM > *To:* JETTY user mailing list <jetty-users@eclipse.org> > *Subject:* Re: [jetty-users] Jetty 10 SSL configuration > > > > Start here > > > > > https://www.eclipse.org/jetty/documentation/jetty-10/operations-guide/index.html#og-protocols > <https://urldefense.com/v3/__https:/www.eclipse.org/jetty/documentation/jetty-10/operations-guide/index.html*og-protocols__;Iw!!F8lEXw!9qw6isIFnaaD8zP1tG-v5zo-XPDcgkR69non-dUxmSqpUZ1Khbfesp5IGbk76dMZnyaF-cKh9HBrXF8YGg$> > > > > You'll want to know about Connectors, thru to SslContextFactory. > > You'll also need to consult RHEL documentation on allowing a program to > bind to port 80 or 443. > > > > Note: port 80 is not for SSL its for http (plaintext) > > Use 443, that's the default for https (TLS / SSL) > > > Joakim Erdfelt / joa...@webtide.com > > > > > > On Thu, May 12, 2022 at 3:26 PM Esquivel, Vince <esquiv...@uhd.edu> wrote: > > I installed jetty 10 on my RHEL 8 server but having a hard time > configuring SSL on it. I am a jetty newbie and trying to learn on the > fly. Does anyone have a link or document on how to configure SSL on port > 80 for Jetty 10? > > > > Thanks in advance. > > > > Vince > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users > <https://urldefense.com/v3/__https:/www.eclipse.org/mailman/listinfo/jetty-users__;!!F8lEXw!9qw6isIFnaaD8zP1tG-v5zo-XPDcgkR69non-dUxmSqpUZ1Khbfesp5IGbk76dMZnyaF-cKh9HD8ZdaV3w$> > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users > <https://urldefense.com/v3/__https:/www.eclipse.org/mailman/listinfo/jetty-users__;!!F8lEXw!7_-3oOEtGhhh46jKAzxfUyQ4Dj5yv-5Kpaa0tLXvB4ECITXuHw5Ox_hKGhtQA7jQ6kx2TB7jVPt_qvTf0Q$> > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
