Configure SSL on jetty server to run it with https

We can run our application over HTTP as well as over HTTPS. HTTPS is used for secure communication over a computer network.

Technically, https is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

In this post, I will explain how to configure SSL on Jetty so that it runs over HTTPS.

Note: This is for Ubuntu 10.04 or greater and Java 7.

I used Jetty 8.1.8. Download it from Codehaus and choose the .tar.gz file for Linux (.zip for Windows).

Unzip the file in any directory you wish. This will be your {jetty} home folder for the rest of this article.

Go to the {jetty}/etc directory.
If a file named keystore already exists there, delete it.

Execute all of the following commands in order. Whenever a password is asked for, enter the same password every time. The passwords are used to protect the key file, the key store and the certificate itself. Sometimes a password will be requested to unlock the key store or to use a generated key. Once you understand what each item is and how the passwords are used, you may change those passwords when you feel ready (safer for production use). Otherwise, enter the requested information when asked.

  • openssl genrsa -des3 -out jetty.key
  • openssl req -new -x509 -key jetty.key -out jetty.crt
  • keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
  • openssl req -new -key jetty.key -out jetty.csr
  • openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
  • keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

Now you have to edit {jetty}/etc/jetty-ssl.xml and configure your password to match the one you used during certificate generation.

Edit {jetty}/start.ini and uncomment the line #etc/jetty-ssl.xml (just remove the #).

Start jetty:

java -jar start.jar

Now contact your server at: https://localhost:8443

You will find your application running with https.
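A check for the keystore built in the steps above, as an added example that is not part of the original post: it parses the keystore file directly, lists each alias with its entry type, and tests a password against the store's integrity hash, so you can confirm that a PrivateKeyEntry is present and that the password you put in jetty-ssl.xml is the right one. It assumes the JKS format that Java 7's keytool writes by default and ASCII aliases; `inspect_jks`, `build_sample`, and the aliases and dummy blobs in the sample keystore are constructed for illustration.

```python
import hashlib
import io
import struct

KINDS = {1: "PrivateKeyEntry", 2: "trustedCertEntry"}
SALT = b"Mighty Aphrodite"  # constant mixed into the JKS integrity hash

def _take(buf, fmt=None, n=0):
    """Read n raw bytes, or a field whose length prefix has struct format fmt."""
    if fmt:
        (n,) = struct.unpack(fmt, _take(buf, n=struct.calcsize(fmt)))
    chunk = buf.read(n)
    if len(chunk) != n:
        raise ValueError("truncated keystore")
    return chunk

def _digest(password, body):
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def inspect_jks(data, password):
    """Return ([(alias, kind), ...], password_ok) for JKS keystore bytes."""
    buf = io.BytesIO(data)
    magic, version, count = struct.unpack(">III", _take(buf, n=12))
    if magic != 0xFEEDFEED or version != 2:
        raise ValueError("not a version 2 JKS keystore")
    entries = []
    for _ in range(count):
        (tag,) = struct.unpack(">I", _take(buf, n=4))
        alias = _take(buf, ">H").decode("utf-8")
        _take(buf, n=8)                    # creation time
        if tag not in KINDS:
            raise ValueError("unknown entry tag %d" % tag)
        chain = 1                          # a trusted entry holds one certificate
        if tag == 1:
            _take(buf, ">I")               # encrypted private key
            (chain,) = struct.unpack(">I", _take(buf, n=4))
        for _ in range(chain):
            _take(buf, ">H")               # certificate type, e.g. X.509
            _take(buf, ">I")               # DER-encoded certificate
        entries.append((alias, KINDS[tag]))
    return entries, data[buf.tell():] == _digest(password, data[:buf.tell()])

def build_sample(password):
    """Constructed keystore shaped like the procedure's output; blobs are dummies."""
    f = lambda fmt, b: struct.pack(fmt, len(b)) + b
    cert = f(">H", b"X.509") + f(">I", b"dummy-cert")
    head = lambda tag, alias: struct.pack(">I", tag) + f(">H", alias) + bytes(8)
    body = struct.pack(">III", 0xFEEDFEED, 2, 2) + head(2, b"jetty") + cert
    body += head(1, b"1") + f(">I", b"dummy-key") + struct.pack(">I", 1) + cert
    return body + _digest(password, body)
```

To check the real file, pass `open("keystore", "rb").read()` and your key store password to `inspect_jks` from the {jetty}/etc directory.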

About Rishi Khandelwal

Lead Consultant having more than 6 years industry experience. He has working experience in various technologies such as Scala, Java8, Play, Akka, Lagom, Spark, Hive, Kafka, Cassandra, Akka-http, Akka-Streams, ElasticSearch, Backbone.js, html5, javascript, Less, Amazon EC2, WebRTC, SBT

6 Responses to Configure SSL on jetty server to run it with https

  1. ss says:

    Hi, can you please explain what each command does?

  2. ss says:

    Also, if I were to use a wildcard certificate in place of jetty.crt and jetty.key, how do I do that? Thanks

  3. deezzel says:

    Hi, I did all the steps from your instruction, but I get “Server aborted the SSL handshake”? Do you know where the issue is?

  4. deezzel says:

    Hi, I did all the steps from the instruction, but I get “Server aborted the SSL handshake”? Do you know where the issue could be?

  5. lh says:

    What are you calling “openssl req -new -key jetty.key -out jetty.csr” for if you don’t use jetty.csr?

  6. Vidya Patil says:


    into {Jetty home}/start.ini
