Jetty SSL

The IntelliJ instance I'm running currently supplies this version of Jetty: jetty-9.2.5.v20141112.

Instructions for SSL on the Eclipse website: http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html

Steps

  1. Generating Key Pairs and Certificates
  2. Requesting Trust (getting certificate signed)
  3. Loading Keys and Certificates
  4. Configuring Jetty SSL Context

Generating Key Pairs and Certs

  • Using OpenSSL so that Apache (a non-Java-based server) can also use the certs.
  • Using the -rand argument to provide a seed. A logfile full of timestamps provides a good source of randomness.

openssl genrsa -rand <filename> -aes128 -out clueride.com.key
openssl req -new -x509 -newkey rsa:2048 -sha256 -key clueride.com.key -out clueride.com.crt

The second command prompts for a set of responses. Record those responses, because OpenSSL doesn't save them for the next step.

Requesting Trust

Well, when I got to this step thinking I would be using Let's Encrypt, I found that that site does things a little differently, but I can still probably use the cert they generated for me and the Apache installation.

Check the Apache config for a secured site and the key location is shown.

Loading Keys and Certs

Was able to use this command while changing the name of the file to the cert provided by Let's Encrypt.

keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts
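
When the key was generated with OpenSSL, as in the first step, the keystore Jetty reads needs the private key together with its certificate, and the two must belong to each other. The following is an added example, not from the original page (file names, the CN and the password are constructed placeholders): it checks that a key and certificate match, bundles them into PKCS#12 with openssl pkcs12 -export, and converts the bundle with keytool -importkeystore when a JDK is installed.

```shell
#!/bin/sh
# Added example, not from the original page. File names, the CN and the
# password are constructed placeholders.

# Exit 0 only when CERT carries the public key that belongs to KEY.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Bundle key + certificate into PKCS#12; the password is read from $P12_PASS
# so it never appears on a command line.
make_pkcs12() {  # usage: make_pkcs12 KEY CERT OUT
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch: $1 $2" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name jetty \
        -out "$3" -passout env:P12_PASS
}

# Constructed sample material: a throwaway self-signed pair plus an unrelated key.
make_sample() {  # usage: make_sample DIR
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=example.test" -keyout "$1/site.key" -out "$1/site.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    export P12_PASS="constructed-demo-password"
    make_sample "$d" || return 1
    make_pkcs12 "$d/other.key" "$d/site.crt" "$d/bad.p12" || echo "refused, as expected"
    make_pkcs12 "$d/site.key" "$d/site.crt" "$d/site.p12" || return 1
    # Convert to a Java keystore when a JDK is installed.
    if command -v keytool >/dev/null 2>&1; then
        keytool -importkeystore -noprompt \
            -srckeystore "$d/site.p12" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
            -destkeystore "$d/keystore" -deststorepass:env P12_PASS || echo "keytool import failed" >&2
    fi
    rm -rf "$d"
}
demo
```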

Configuring Jetty under IntelliJ's Distribution of Jetty

Questions:

  1. Understanding is that the same signed certificate could be used by all servers sharing the same domain (clueride.com). This includes sub-domains player.clueride.com and editor.clueride.com.