Configure SSL on jetty server to run it with https


We can run our application with http as well as with https. We use https for secure communication over the computer network.

Technically, https is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications.

In this blog, I will explain SSL configuration for jetty to run it with https.

Note: This is for Ubuntu 10.04 or greater and Java 7.

I used Jetty 8.1.8. Download it from codehaus and choose the .tar.gz file for Linux (.zip for Windows).

Unzip the file in any directory you wish; this will be your {jetty} home folder for the rest of this article.

Go to the {jetty}/etc directory.
If a keystore file already exists there, delete it.

Execute the following commands in order. Whenever a password is requested, enter the same password each time. The passwords protect the key file, the key store and the certificate itself. Sometimes a password will be requested to unlock the key store or to use a generated key. Once you understand what each file is and how the passwords are used, you may change those passwords (safer for production use). Otherwise, enter the requested information when asked.

  • openssl genrsa -des3 -out jetty.key
  • openssl req -new -x509 -key jetty.key -out jetty.crt
  • keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
  • openssl req -new -key jetty.key -out jetty.csr
  • openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
  • keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

Now you have to edit {jetty}/etc/jetty-ssl.xml and configure your password to match the one you used during certificate generation.

Edit {jetty}/start.ini and uncomment the line #etc/jetty-ssl.xml (just remove the #).

Start jetty:

java -jar start.jar

Now contact your server at: https://localhost:8443

You will find your application running with https.
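
As an added example (not part of the original post), the script below checks the files produced by the openssl and keytool steps above before Jetty is started: that jetty.key, jetty.crt and jetty.pkcs12 hold the same key pair, and that the keystore contains a private-key entry. The JETTY_PASS environment variable and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example: consistency checks for the files created by the steps above.
# Assumption: the passphrase is exported as JETTY_PASS (name chosen for this
# example) so it is not passed as a command-line argument to openssl.

# PEM public key derived from the passphrase-protected private key.
key_pub() { openssl pkey -in "$1" -passin env:JETTY_PASS -pubout 2>/dev/null; }

# PEM public key embedded in the certificate.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# PEM public key of the private key stored inside the PKCS12 bundle.
p12_pub() {
  openssl pkcs12 -in "$1" -passin env:JETTY_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout 2>/dev/null
}

# True only when both values are non-empty and identical; an unreadable file
# or a wrong passphrase yields an empty value and therefore a failure.
same_key() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# Check a directory holding jetty.key, jetty.crt and jetty.pkcs12.
# Returns 0 if all agree, 1 on key/cert mismatch, 2 on PKCS12 mismatch.
check_jetty_material() {
  dir=$1
  cert=$(cert_pub "$dir/jetty.crt")
  same_key "$cert" "$(key_pub "$dir/jetty.key")" ||
    { echo "jetty.key does not match jetty.crt (or wrong passphrase)"; return 1; }
  same_key "$cert" "$(p12_pub "$dir/jetty.pkcs12")" ||
    { echo "jetty.pkcs12 does not hold the key for jetty.crt"; return 2; }
  echo "key, certificate and PKCS12 bundle agree"
}

# The server needs a PrivateKeyEntry in the keystore; a keystore holding only
# the imported certificate (trustedCertEntry) gives it no key to present.
# keytool prompts for the keystore password.
keystore_has_private_key() {
  keytool -list -keystore "$1" | grep -q PrivateKeyEntry
}

# Usage (with JETTY_PASS exported): sh check.sh {jetty}/etc
if [ -n "${1:-}" ]; then
  check_jetty_material "$1" && keystore_has_private_key "$1/keystore"
fi
```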

Written by 

Rishi is a Lead Consultant with more than 7 years of experience. Rishi is a product-focused developer who loves developing both front-end user interfaces and scalable back-end infrastructure. He is a good team player, a quick learner and a humble person. He has good time management skills, aims to give the best results and is fully dedicated to his work and responsibilities. He is able to work individually as well as in a team. He loves to share his knowledge, so he often writes technical blogs.

6 thoughts on “Configure SSL on jetty server to run it with https”

  1. Also, if I were to use a wildcard certificate in place of jetty.crt and jetty.key, how do I do that? Thanks

  2. Hi, I did all the steps from your instruction, but I get “Server aborted the SSL handshake”? Do you know where the issue is?

  3. Hi, I did all the steps from the instruction, but I get “Server aborted the SSL handshake”? Do you know where the issue could be?

  4. What are you calling “openssl req -new -key jetty.key -out jetty.csr” for if you don’t use jetty.csr?
