Jetty 9.x SSL Setup

Download Jetty 9.X from http://www.eclipse.org/jetty/download.html

Create a self-signed certificate using keytool, or use the default keystore that comes packaged with Jetty (module/ssl/keystore):

keytool -genkey -keyalg RSA -alias tomcat -keystore keystore -validity <days> -keysize 2048

Verify the keystore contents with:

keytool -list -v -keystore keystore

Modify the start.ini file in the JETTY_HOME directory.

- Comment out the line below
#--module=http

- Add the lines below
--module=ssl
--module=https

Navigate to the JETTY_HOME/lib folder.

Run the following Java command:

java -cp jetty-util-9.2.11.X.jar org.eclipse.jetty.util.security.Password *******

OBF:1igd1l8d1l1a1uh21ugo1kxs1l4x1idt
MD5:75a593a34aa5ba8e5e5788b7c899802e

Copy the generated password, which is the line starting with OBF (in this example OBF:1igd1l8d1l1a1uh21ugo1kxs1l4x1idt).

Modify ssl.mod in the JETTY_HOME/modules directory:

jetty.ssl.port=8443
jetty.sslContext.keyStorePath=etc/keystore
jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4

Start the Jetty server from the bin directory:

./jetty.sh start

2017-01-24 15:32:58.725:INFO:oejs.AbstractConnector:main: Started ServerConnector@701fc37a{SSL,[ssl, http/1.1]}{0.0.0.0:8443}
2017-01-24 15:32:58.726:INFO:oejs.Server:main: Started @1485ms
OK Tue Jan 24 15:33:01 IST 2017

Access the service in a browser at https://localhost:8443

To Enable Mutual Auth

## whether client certificate authentication is required
jetty.sslContext.needClientAuth=false/true

## Whether client certificate authentication is desired
jetty.sslContext.wantClientAuth=false/true
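
As an added example (not part of the original post), the shell function below audits the two files edited above for the settings this walkthrough depends on: the plain HTTP module left enabled, a missing ssl or https module, a keystore password stored in clear text or equal to the value printed in this post, a world-readable ssl.mod, and wantClientAuth set without needClientAuth. The function names and finding labels are assumptions of this sketch; pass it the paths to your own start.ini and ssl.mod.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files edited above.
# Function names and finding labels are assumptions of this sketch.

# Print the last uncommented value of property $2 in file $1 (empty if unset).
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Usage: audit_jetty_ssl START_INI SSL_MOD -> one finding label per line.
audit_jetty_ssl() {
    ini=$1; mod=$2
    # The plaintext connector must stay commented out.
    if grep -Eq '^[[:space:]]*--module=http[[:space:]]*$' "$ini"; then
        echo HTTP_ENABLED
    fi
    for m in ssl https; do
        grep -Eq "^[[:space:]]*--module=$m[[:space:]]*\$" "$ini" ||
            echo "MODULE_MISSING:$m"
    done
    # OBF: is reversible obfuscation, not encryption: anyone who can read the
    # file can recover the password, so file permissions are the real control.
    pw=$(prop "$mod" 'jetty\.sslContext\.keyStorePassword')
    case $pw in
        # The value shown in this post's ssl.mod snippet, hence public.
        OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4) echo PUBLISHED_PASSWORD ;;
        OBF:?*) ;;
        '') echo PASSWORD_UNSET ;;
        *) echo PLAINTEXT_PASSWORD ;;
    esac
    if [ -n "$(find "$mod" -prune -perm -004)" ]; then
        echo WORLD_READABLE
    fi
    # wantClientAuth alone still admits clients that present no certificate.
    need=$(prop "$mod" 'jetty\.sslContext\.needClientAuth')
    want=$(prop "$mod" 'jetty\.sslContext\.wantClientAuth')
    if [ "$want" = true ] && [ "$need" != true ]; then
        echo CLIENT_AUTH_OPTIONAL
    fi
}

# Run directly as: sh audit.sh JETTY_HOME/start.ini JETTY_HOME/modules/ssl.mod
if [ "$#" -eq 2 ]; then
    audit_jetty_ssl "$1" "$2"
fi
```

No output means none of these conditions was found; it does not validate the certificate or the cipher configuration.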
