We can run our application over HTTP as well as over HTTPS. We use HTTPS for secure communication over a computer network.
Technically, https is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.
In this post, I will explain how to configure SSL for Jetty so that it runs over HTTPS.
Note: This is for Ubuntu 10.04 or greater and Java 7.
I used Jetty 8.1.8. Download it from Codehaus and choose the .tar.gz file for Linux (.zip for Windows).
Unzip the file in any directory you wish; this will be your {jetty} home folder for the rest of this article.
Go to the {jetty}/etc directory.
If a file named keystore already exists there, delete it.
Execute all of the following commands in order. Whenever a password is asked for, enter the same password every time. The passwords protect the key file, the key store and the certificate itself. Sometimes a password will be requested to unlock the key store or to use a generated key. Once you understand what each file is and how the passwords are used, you may change those passwords (safer for production use). Otherwise, enter the requested information when asked.
- openssl genrsa -des3 -out jetty.key
- openssl req -new -x509 -key jetty.key -out jetty.crt
- keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
- openssl req -new -key jetty.key -out jetty.csr
- openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
- keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
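Before configuring Jetty, it helps to confirm that the files produced by these commands fit together: the key belongs to the certificate, the PKCS12 bundle carries both, and the keystore ends up with a private key entry. The script below is an added example, not part of the original post; the function names, the `DEMO_PW` variable, `CN=localhost` and the 2048-bit key size are assumptions, and passwords are given as openssl pass-phrase sources such as `env:NAME`.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the files
# created by the openssl/keytool steps. Function names are hypothetical.
# PASS arguments are openssl pass-phrase sources, e.g. env:JETTY_PW.

# Succeeds when the private key in KEY belongs to the certificate in CRT.
key_matches_cert() {   # usage: key_matches_cert KEY CRT PASS
    k=$(openssl pkey -in "$1" -passin "$3" -pubout 2>/dev/null) || true
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || true
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when the PKCS12 bundle holds a private key AND the matching cert.
p12_is_complete() {    # usage: p12_is_complete P12 PASS
    k=$(openssl pkcs12 -in "$1" -passin "$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || true
    c=$(openssl pkcs12 -in "$1" -passin "$2" -nokeys 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || true
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds when the Java keystore has a key entry, not only a trusted cert.
# keytool prompts for the keystore password.
keystore_has_private_key() {   # usage: keystore_has_private_key KEYSTORE
    keytool -list -keystore "$1" | grep -q 'PrivateKeyEntry'
}

# Builds constructed sample files in DIR with the same openssl steps,
# run non-interactively. CN=localhost and the 2048-bit size are assumptions.
make_demo_files() {    # usage: make_demo_files DIR   (reads exported $DEMO_PW)
    ( cd "$1" &&
      openssl genrsa -des3 -passout env:DEMO_PW -out jetty.key 2048 &&
      openssl req -new -x509 -key jetty.key -passin env:DEMO_PW \
          -subj "/CN=localhost" -out jetty.crt &&
      openssl pkcs12 -inkey jetty.key -in jetty.crt -export \
          -passin env:DEMO_PW -passout env:DEMO_PW -out jetty.pkcs12
    ) >/dev/null 2>&1
}
```

From {jetty}/etc, with the password exported as `JETTY_PW`, run `key_matches_cert jetty.key jetty.crt env:JETTY_PW`, `p12_is_complete jetty.pkcs12 env:JETTY_PW` and `keystore_has_private_key keystore`; each returns exit status 0 on success.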
Now you have to edit {jetty}/etc/jetty-ssl.xml and configure your password to match the one you used during certificate generation.
Edit {jetty}/start.ini and uncomment the line #etc/jetty-ssl.xml (just remove the #).
Start jetty:
java -jar start.jar
Now contact your server at: https://localhost:8443
You will find your application running with https.
Hi, can you please explain what each command does?
Also, if I were to use a wildcard certificate in place of jetty.crt and jetty.key, how do I do that? Thanks
Hi, I did all the steps from your instruction, but I get “Server aborted the SSL handshake”. Do you know where the issue is?
Hi, I did all the steps from the instruction, but I get “Server aborted the SSL handshake”. Do you know where the issue could be?
What are you calling “openssl req -new -key jetty.key -out jetty.csr” for if you don’t use jetty.csr?
--module=ssl
--module=https
into {Jetty home}/start.ini