Configure SSL on jetty server to run it with https

Table of contents
Reading Time: 2 minutes

We can run our application with http as well as with https. We use https for secure communication over the computer network.

Technically, https is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

In this blog, I will explain SSL configuration for jetty to run it with https.

Note : This is for ubuntu 10.04 or greater and java 7.

I used Jetty 8.1.8. Download it from codehaus and choose the .tar.gz file for linux (.zip for windows).

Unzip the file in any directory you wish, this will be your {jetty} home folder for the sake of this article/answer.

Go to the {jetty}/etc directory.
If keystore exists there, then delete this file.

Execute all the following command lines in order. Whenever a password is asked, input the same password all the time. The passwords are used to protect the key file, the key store and the certificate itself. Sometimes, a password will be asked to unlock the key store or to use a generated key. Once you will understand what everything is and how to use the passwords correctly, you may change those passwords when you feel ready (safer for production use). Otherwise, input the requested informations when asked.

  • openssl genrsa -des3 -out jetty.key
  • openssl req -new -x509 -key jetty.key -out jetty.crt
  • keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
  • openssl req -new -key jetty.key -out jetty.csr
  • openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
  • keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

Now you have to edit {jetty}/etc/jetty-ssl.xml and configure your password to match the one you used during certificate generation.

Edit {jetty}/start.ini and uncomment the line #etc/jetty-ssl.xml (just remove the #).

Start jetty:

java -jar start.jar

Now contact your server at: https://localhost:8443

You will find your application running with https.

Written by 

Rishi is a tech enthusiast with having around 10 years of experience who loves to solve complex problems with pure quality. He is a functional programmer and loves to learn new trending technologies. His leadership skill is well prooven and has delivered multiple distributed applications with high scalability and availability by keeping the Reactive principles in mind. He is well versed with Scala, Akka, Akka HTTP, Akka Streams, Java8, Reactive principles, Microservice architecture, Async programming, functional programming, distributed systems, AWS, docker.

6 thoughts on “Configure SSL on jetty server to run it with https2 min read

  1. Also, if I were to use a wildcard certificate in place of jetty.crt and jetty.key, how do I do that? Thanks

  2. Hi, I did all the steps from the instruction, but i get “Server aborted the SSL handshake”? Do you know where is the issue could be?

  3. what for are you calling “openssl req -new -key jetty.key -out jetty.csr” if you don’t use jetty.csr ?

Comments are closed.