Hi, On Fri, May 27, 2022 at 4:14 PM Bill Ross via jetty-users <jetty-users@eclipse.org> wrote: > > I forget if I made this file or got it as part of jetty, > > 3697 Aug 18 2018 jetty-base/etc/keystore > > and want to find out where it came from, and whether it's legal and makes > sense to distribute it, plus whether/how it should be copyrighted and > licensed. > > Any licensing experts who are curious, I'm using 'reuse lint' to sort out > SPDX-style license-tracking for an AGPL project.
Given the KeyStore file name, you're probably using Jetty 9.4.x. Please be aware that Jetty 9.4.x has reached the end of community support, see https://github.com/eclipse/jetty.project/issues/7958. The file is automatically copied from JETTY_HOME to JETTY_BASE when you enable, for example, the "https" Jetty module (or any other Jetty module that depends on it). However, it may be that you have created this file yourself. If it's created by Jetty, then it does not make sense to distribute it, because it's a KeyStore file with a public password containing a self-signed, likely expired, certificate for host "Jetty Server", so it won't be good for any real usage. Look inside with: $ keytool -v -list -keystore jetty-base/etc/keystore The KeyStore password is (it's already public and used throughout the Jetty source code): storepwd In Jetty 10 we create this file on-the-fly every time, but it's again a self-signed certificate for "localhost", so again not good for any real usage (just to get you started with https). -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
