The IntelliJ instance I'm running currently supplies this version of Jetty: jetty-9.2.5.v20141112.
Instructions for SSL on the Eclipse website: http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html
- Generating Key Pairs and Certificates
- Requesting Trust (getting certificate signed)
- Loading Keys and Certificates
- Configuring Jetty SSL Context
Generating Key Pairs and Certs
- Using OpenSSL so Apache (a non-Java based server) is able to also use the certs.
- Using -rand argument to provide seed. A logfile full of timestamps provides a good source of randomness.
openssl genrsa -rand <filename> -aes128 -out clueride.com.key openssl req -new -x509 -newkey rsa:2048 -sha256 -key clueride.com.key -out clueride.com.crt
The second command has a set of responses provided. Record those responses because OpenSSL doesn't record them for the next step.
Well, when I got to this step thinking I would be using Let's Encrypt, I found that that site does things a little differently, but I can still probably used the cert they generated for me and the apache installation.
Check the apache config for a secured site and the key location is shown.
Loading Keys and Certs
Was able to use this command while changing the name of the file to the cert provided by Let's Encrypt.
keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
Configuring Jetty under IntelliJ's Distribution of Jetty
- Understanding is the same signed certificate could be used by all servers sharing the same domain (clueride.com). This includes sub-domains player.clueride.com and editor.clueride.com.