HI Mark, Which version of jetty are you using ?? Are you able to access the keystore file using the relative path which you have used ??
Just to tell you i was using Jetty 7.2.2 embedded in the equinox container
. But there was problem to access the keystore file available in etc folder
using the relative path
<Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/
keystore</Set>
. The issue was reported and it was fixed in Jetty 7.3.0 and they have added
new property as highlighted below .
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Set name="Port">8443</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="Acceptors">2</Set>
<Set name="AcceptQueueSize">100</Set>
*<Set name="Keystore"><Property
name="this.jetty.xml.parent.folder.url"/>/keystore</Set>*
<Set name="Password">OBF:1igd1igf1igh1idp1idr1idt</Set> <!--
abcd1234 , -storepass keyStoreInfo.getKeyStorePassword() -->
<Set name="KeyPassword">OBF:1igd1igf1igh1idp1idr1idt</Set> <!-- abc123 ,
aliaspass keyStoreInfo.getAlias_password -->
*<Set name="truststore"><Property
name="this.jetty.xml.parent.folder.url"/>/keystore</Set>*
<Set name="trustPassword">OBF:1igd1igf1igh1idp1idr1idt</Set> <!--
abcd1234 , -storepass keyStoreInfo.getKeyStorePassword() -->
</New>
</Arg>
</Call>
Using above snippet in jetty.xml i am able to access the keystore file .
Best Regards,
Mitul
On Thu, Mar 10, 2011 at 2:07 AM, Mark Wyszomierski <[email protected]> wrote:
> Hi all,
>
> Just following up, when running from localhost for development, you can use
> the keystore that comes with jetty, it's in the /etc folder. So you can just
> add the "addConnector" block directly from the walkthrough to jetty.xml as
> follows (but I had to change the capitalized "Port" argument and replace it
> with "port", and also change the connector class used to the eclipse
> package, not the mortbay package):
>
> <Call name="addConnector">
>
> <Arg>
>
> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>
>
> <Set name="port">8443</Set>
>
> <Set name="maxIdleTime">30000</Set>
>
> <Set name="keystore"><SystemProperty name="jetty.home" default="."
> />/etc/keystore</Set>
>
> <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
>
> <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
>
> <Set name="truststore"><SystemProperty name="jetty.home" default=
> "." />/etc/keystore</Set>
>
> <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</
> Set>
>
> </New>
>
> </Arg>
>
> </Call>
>
>
> Thanks!
>
> On Mon, Mar 7, 2011 at 9:32 AM, Mark Wyszomierski <[email protected]>wrote:
>
>> Hi guys, thanks for your help - I think I skipped over an important point
>> in the key generation:
>>
>> http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
>> step1A:
>>
>> "The only mandatory response is to provide the fully qualified host
>> name of the server at the 'first and last name' prompt.":
>>
>> keytool -keystore keystore -alias jetty -genkey -keyalg RSA
>> Enter keystore password: password
>> What is your first and last name?
>> [Unknown]: jetty.mortbay.org
>>
>>
>> I'm running my server at localhost (for development) - what would the
>> fully qualified host name be in this case?
>>
>> Other than that, the only other part I could have gone wrong at is
>> updating jetty.xml with the new connector definition. I've put it right
>> below the default connector defintion:
>>
>> <Call name="addConnector">
>>
>> <Arg>
>>
>> <New class=
>> "org.eclipse.jetty.server.nio.SelectChannelConnector">
>>
>> <Set name="host"><SystemProperty name="jetty.host"/></Set>
>>
>> <Set name="port"><SystemProperty default="8080" name=
>> "jetty.port"/></Set>
>>
>> <Set name="maxIdleTime">300000</Set>
>>
>> <Set name="Acceptors">2</Set>
>>
>> <Set name="statsOn">false</Set>
>>
>> <Set name="confidentialPort">8443</Set>
>>
>> <Set name="lowResourcesConnections">20000</Set>
>>
>> <Set name="lowResourcesMaxIdleTime">5000</Set>
>>
>> </New>
>>
>> </Arg>
>>
>> </Call>
>>
>>
>>
>> <Call name="addConnector">
>>
>> <Arg>
>>
>> <New class=
>> "org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>>
>> <Set name="port">8443</Set>
>>
>> <Set name="maxIdleTime">30000</Set>
>>
>> <Set name="keystore"><SystemProperty name="jetty.home" default=
>> "." />/etc/keystore</Set>
>>
>> <Set name="password">mypassword</Set>
>>
>> <Set name="keyPassword">mypassword</Set>
>>
>> <Set name="truststore"><SystemProperty name="jetty.home"
>> default="." />/etc/keystore</Set>
>>
>> <Set name="trustPassword">mypassword</Set>
>>
>> </New>
>>
>> </Arg>
>>
>> </Call>
>>
>> Does that look correct?
>>
>> Thanks again
>>
>> On Mon, Mar 7, 2011 at 8:34 AM, Mike Pilone <[email protected]> wrote:
>>
>>> Mark,
>>>
>>>
>>>
>>> I'm using Jetty embedded but I was able to get SSL working with the
>>> following code. I didn't have to add any extra libs other than the maven
>>> dependencies on the normal jetty-* projects.
>>>
>>>
>>>
>>> URL keyResource =
>>> ContainerStart.class.getResource("/config/ssl-keystore.jks");
>>>
>>> sLog.info(format("Loading certificate from keystore [%s].",
>>> keyResource));
>>>
>>>
>>>
>>> SslSocketConnector connector = new SslSocketConnector();
>>>
>>> connector.setKeyPassword(keyPassword);
>>>
>>> connector.setKeystore(keyResource.toString());
>>>
>>> connector.setMaxIdleTime(1000 * 60 * 60);
>>>
>>> connector.setSoLingerTime(-1);
>>>
>>> connector.setPort(sslPort);
>>>
>>> server.addConnector(connector);
>>>
>>>
>>>
>>> -mike
>>>
>>>
>>>
>>> [image: *] | Mike Pilone | Software Architect, Distribution |
>>> [email protected] | o: <202-513-2679>202-513-2679 m: <703-969-7493>
>>> 703-969-7493
>>>
>>>
>>>
>>> *From:* [email protected] [mailto:
>>> [email protected]] *On Behalf Of *Mark Wyszomierski
>>> *Sent:* Monday, March 07, 2011 1:38 AM
>>> *To:* JETTY user mailing list
>>> *Subject:* Re: [jetty-users] jetty 7 + https ?
>>>
>>>
>>>
>>> Hi Mithul,
>>>
>>>
>>>
>>> The jsse.jar is there, the others are not (maybe they're renamed - not
>>> sure how old that jetty documentation I referenced is?). Is there new
>>> documentation for jetty 7 on this?
>>>
>>>
>>>
>>> I can get jetty to start up, and I can ping port 8443 ok, get a response
>>> and all. But trying to navigate to the url via a browser throws a 102 error,
>>> connection refused,
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> On Mon, Mar 7, 2011 at 12:07 AM, Mitul Adhia <[email protected]>
>>> wrote:
>>>
>>> Hi Mark,
>>>
>>>
>>>
>>> The jars are available in your JRE installation under lib directory ..Can
>>> you please check their ?
>>>
>>>
>>>
>>> Best Regards,
>>>
>>> Mitul
>>>
>>>
>>>
>>> On Mon, Mar 7, 2011 at 9:53 AM, Mark Wyszomierski <[email protected]>
>>> wrote:
>>>
>>> Hi,
>>>
>>>
>>>
>>> I'm trying to setup jetty 7 for https. I've followed the instructions
>>> here:
>>>
>>>
>>>
>>>
>>> http://docs.codehaus.org/display/JETTY/How+to+configure+SSL#HowtoconfigureSSL-step4
>>>
>>>
>>>
>>> but not sure about the line:
>>>
>>>
>>>
>>> "(make sure that jcert.jar, jnet.jar and jsse.jar are on your
>>> classpath)"
>>>
>>>
>>>
>>> I'm on mac os 10.6, those jars are not present, and I don't see a place
>>> to download them. Before going further - are these instructions up to date
>>> at all? They still have the mortbay package naming, not sure if these jars
>>> are still necessary with jetty 7. I looked through the eclipse doc pages for
>>> jetty, but didn't see any updated walkthrough, thought something might be
>>> at:
>>>
>>>
>>>
>>> http://wiki.eclipse.org/Jetty/Howto#Security
>>>
>>>
>>>
>>> no luck.
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> jetty-users mailing list
>>> [email protected]
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> jetty-users mailing list
>>> [email protected]
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>>
>>>
>>> _______________________________________________
>>> jetty-users mailing list
>>> [email protected]
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>>
>>
>
> _______________________________________________
> jetty-users mailing list
> [email protected]
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
>
<<image001.jpg>>
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
