Hi Mark, The bug was reported here
https://bugs.eclipse.org/bugs/show_bug.cgi?id=334062 <https://bugs.eclipse.org/bugs/show_bug.cgi?id=334062>Best Regards, Mitul On Thu, Mar 10, 2011 at 10:42 AM, Mitul Adhia <[email protected]>wrote: > HI Mark, > > Which version of jetty are you using ?? Are you able to access the keystore > file using the relative path which you have used ?? > > Just to tell you i was using Jetty 7.2.2 embedded in the equinox container > . But there was problem to access the keystore file available in etc folder > using the relative path > <Set name="keystore"><SystemProperty name="jetty.home" default="." /> > /etc/keystore</Set> > . The issue was reported and it was fixed in Jetty 7.3.0 and they have > added new property as highlighted below . > > <Call name="addConnector"> > <Arg> > <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> > <Set name="Port">8443</Set> > <Set name="maxIdleTime">30000</Set> > <Set name="Acceptors">2</Set> > <Set name="AcceptQueueSize">100</Set> > *<Set name="Keystore"><Property > name="this.jetty.xml.parent.folder.url"/>/keystore</Set>* > <Set name="Password">OBF:1igd1igf1igh1idp1idr1idt</Set> <!-- > abcd1234 , -storepass keyStoreInfo.getKeyStorePassword() --> > <Set name="KeyPassword">OBF:1igd1igf1igh1idp1idr1idt</Set> <!-- abc123 , > aliaspass keyStoreInfo.getAlias_password --> > *<Set name="truststore"><Property > name="this.jetty.xml.parent.folder.url"/>/keystore</Set>* > <Set name="trustPassword">OBF:1igd1igf1igh1idp1idr1idt</Set> <!-- > abcd1234 , -storepass keyStoreInfo.getKeyStorePassword() --> > </New> > </Arg> > </Call> > > Using above snippet in jetty.xml i am able to access the keystore file . > > Best Regards, > Mitul > > On Thu, Mar 10, 2011 at 2:07 AM, Mark Wyszomierski <[email protected]>wrote: > >> Hi all, >> >> Just following up, when running from localhost for development, you can >> use the keystore that comes with jetty, it's in the /etc folder. So you can >> just add the "addConnector" block directly from the walkthrough to jetty.xml >> as follows (but I had to change the capitalized "Port" argument and replace >> it with "port", and also change the connector class used to the eclipse >> package, not the mortbay package): >> >> <Call name="addConnector"> >> >> <Arg> >> >> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector" >> > >> >> <Set name="port">8443</Set> >> >> <Set name="maxIdleTime">30000</Set> >> >> <Set name="keystore"><SystemProperty name="jetty.home" default= >> "." />/etc/keystore</Set> >> >> <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> >> >> <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> >> >> <Set name="truststore"><SystemProperty name="jetty.home" default= >> "." />/etc/keystore</Set> >> >> <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</ >> Set> >> >> </New> >> >> </Arg> >> >> </Call> >> >> >> Thanks! >> >> On Mon, Mar 7, 2011 at 9:32 AM, Mark Wyszomierski <[email protected]>wrote: >> >>> Hi guys, thanks for your help - I think I skipped over an important point >>> in the key generation: >>> >>> http://docs.codehaus.org/display/JETTY/How+to+configure+SSL >>> step1A: >>> >>> "The only mandatory response is to provide the fully qualified host >>> name of the server at the 'first and last name' prompt.": >>> >>> keytool -keystore keystore -alias jetty -genkey -keyalg RSA >>> Enter keystore password: password >>> What is your first and last name? >>> [Unknown]: jetty.mortbay.org >>> >>> >>> I'm running my server at localhost (for development) - what would the >>> fully qualified host name be in this case? >>> >>> Other than that, the only other part I could have gone wrong at is >>> updating jetty.xml with the new connector definition. I've put it right >>> below the default connector defintion: >>> >>> <Call name="addConnector"> >>> >>> <Arg> >>> >>> <New class= >>> "org.eclipse.jetty.server.nio.SelectChannelConnector"> >>> >>> <Set name="host"><SystemProperty name="jetty.host"/></Set> >>> >>> <Set name="port"><SystemProperty default="8080" name= >>> "jetty.port"/></Set> >>> >>> <Set name="maxIdleTime">300000</Set> >>> >>> <Set name="Acceptors">2</Set> >>> >>> <Set name="statsOn">false</Set> >>> >>> <Set name="confidentialPort">8443</Set> >>> >>> <Set name="lowResourcesConnections">20000</Set> >>> >>> <Set name="lowResourcesMaxIdleTime">5000</Set> >>> >>> </New> >>> >>> </Arg> >>> >>> </Call> >>> >>> >>> >>> <Call name="addConnector"> >>> >>> <Arg> >>> >>> <New class= >>> "org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> >>> >>> <Set name="port">8443</Set> >>> >>> <Set name="maxIdleTime">30000</Set> >>> >>> <Set name="keystore"><SystemProperty name="jetty.home" default >>> ="." />/etc/keystore</Set> >>> >>> <Set name="password">mypassword</Set> >>> >>> <Set name="keyPassword">mypassword</Set> >>> >>> <Set name="truststore"><SystemProperty name="jetty.home" >>> default="." />/etc/keystore</Set> >>> >>> <Set name="trustPassword">mypassword</Set> >>> >>> </New> >>> >>> </Arg> >>> >>> </Call> >>> >>> Does that look correct? >>> >>> Thanks again >>> >>> On Mon, Mar 7, 2011 at 8:34 AM, Mike Pilone <[email protected]> wrote: >>> >>>> Mark, >>>> >>>> >>>> >>>> I'm using Jetty embedded but I was able to get SSL working with the >>>> following code. I didn't have to add any extra libs other than the maven >>>> dependencies on the normal jetty-* projects. >>>> >>>> >>>> >>>> URL keyResource = >>>> ContainerStart.class.getResource("/config/ssl-keystore.jks"); >>>> >>>> sLog.info(format("Loading certificate from keystore [%s].", >>>> keyResource)); >>>> >>>> >>>> >>>> SslSocketConnector connector = new SslSocketConnector(); >>>> >>>> connector.setKeyPassword(keyPassword); >>>> >>>> connector.setKeystore(keyResource.toString()); >>>> >>>> connector.setMaxIdleTime(1000 * 60 * 60); >>>> >>>> connector.setSoLingerTime(-1); >>>> >>>> connector.setPort(sslPort); >>>> >>>> server.addConnector(connector); >>>> >>>> >>>> >>>> -mike >>>> >>>> >>>> >>>> [image: *] | Mike Pilone | Software Architect, Distribution | >>>> [email protected] | o: <202-513-2679>202-513-2679 m: <703-969-7493> >>>> 703-969-7493 >>>> >>>> >>>> >>>> *From:* [email protected] [mailto: >>>> [email protected]] *On Behalf Of *Mark Wyszomierski >>>> *Sent:* Monday, March 07, 2011 1:38 AM >>>> *To:* JETTY user mailing list >>>> *Subject:* Re: [jetty-users] jetty 7 + https ? >>>> >>>> >>>> >>>> Hi Mithul, >>>> >>>> >>>> >>>> The jsse.jar is there, the others are not (maybe they're renamed - not >>>> sure how old that jetty documentation I referenced is?). Is there new >>>> documentation for jetty 7 on this? >>>> >>>> >>>> >>>> I can get jetty to start up, and I can ping port 8443 ok, get a response >>>> and all. But trying to navigate to the url via a browser throws a 102 >>>> error, >>>> connection refused, >>>> >>>> >>>> >>>> Thanks >>>> >>>> >>>> >>>> On Mon, Mar 7, 2011 at 12:07 AM, Mitul Adhia <[email protected]> >>>> wrote: >>>> >>>> Hi Mark, >>>> >>>> >>>> >>>> The jars are available in your JRE installation under lib directory >>>> ..Can you please check their ? >>>> >>>> >>>> >>>> Best Regards, >>>> >>>> Mitul >>>> >>>> >>>> >>>> On Mon, Mar 7, 2011 at 9:53 AM, Mark Wyszomierski <[email protected]> >>>> wrote: >>>> >>>> Hi, >>>> >>>> >>>> >>>> I'm trying to setup jetty 7 for https. I've followed the instructions >>>> here: >>>> >>>> >>>> >>>> >>>> http://docs.codehaus.org/display/JETTY/How+to+configure+SSL#HowtoconfigureSSL-step4 >>>> >>>> >>>> >>>> but not sure about the line: >>>> >>>> >>>> >>>> "(make sure that jcert.jar, jnet.jar and jsse.jar are on your >>>> classpath)" >>>> >>>> >>>> >>>> I'm on mac os 10.6, those jars are not present, and I don't see a place >>>> to download them. Before going further - are these instructions up to date >>>> at all? They still have the mortbay package naming, not sure if these jars >>>> are still necessary with jetty 7. I looked through the eclipse doc pages >>>> for >>>> jetty, but didn't see any updated walkthrough, thought something might be >>>> at: >>>> >>>> >>>> >>>> http://wiki.eclipse.org/Jetty/Howto#Security >>>> >>>> >>>> >>>> no luck. >>>> >>>> >>>> >>>> Thanks >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> jetty-users mailing list >>>> [email protected] >>>> https://dev.eclipse.org/mailman/listinfo/jetty-users >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> jetty-users mailing list >>>> [email protected] >>>> https://dev.eclipse.org/mailman/listinfo/jetty-users >>>> >>>> >>>> >>>> _______________________________________________ >>>> jetty-users mailing list >>>> [email protected] >>>> https://dev.eclipse.org/mailman/listinfo/jetty-users >>>> >>>> >>> >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> >> >
<<image001.jpg>>
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
