Re: [jetty-users] Jetty 10 SSL configuration
  • From: "Esquivel, Vince" <Esquivelv@xxxxxxx>
  • Date: Fri, 13 May 2022 20:11:08 +0000

Thank you Joakim for the great information.  I do happen to be using Java 11 on RHEL 8 because the Shibboleth IDP application requires it. So, I am not sure what I will have to look out for, since I am using Java 11.

 

 

Thanks

 

Vince

 

From: jetty-users <jetty-users-bounces@xxxxxxxxxxx> On Behalf Of Joakim Erdfelt
Sent: Friday, May 13, 2022 2:02 PM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Jetty 10 SSL configuration

 

Hoo boy, this is a HUGE topic, and is not suitable for email.

 

The basics,

For server side TLS (this is what it's called now, SSL is dead, long live TLS), you'll need ...

 

* A Java keystore (required)

* A Java truststore (optional, you don't have to create one, you can even just use the built-in defaults)

* A Jetty configuration to find the keystore file (this is the SslContextFactory.Server)

* A Jetty configuration for your connector (the thing that accepts connections)

* A Jetty configuration to find the specific details in the keystore that you want to use for that connector.

 

For the Java keystore, you'll want PKCS12 format, and the techniques to get your certificates into that keystore are documented all over the internet.

Just pick documentation that suits your version of Java and OS best. (so don't pick documentation talking about Java 7 on Windows if you are using Java 11 on Linux, as the tools you will use will be different).

 

Once you have this keystore file set up with your certificates you'll need to set up the configurations on the Jetty side (listed above).

You'll need to know things like the keystore passwords and any aliases within the keystore you might have configured, etc.

Then you'll optionally have to set up permissions on your OS to allow Jetty to bind to port 443. (do yourself a favor and use 8443 while testing, make sure it works on that port first, then worry about the OS permissions issue when you switch to port 443).

 

Joakim Erdfelt / joakim@xxxxxxxxxxx

 

 

On Thu, May 12, 2022 at 4:17 PM Esquivel, Vince <Esquivelv@xxxxxxx> wrote:

Thanks Joakim for the info, I have looked through that but still a little foggy about it all.  You are correct, I meant to say port 443 and not 80.

 

Vince

 

From: jetty-users <jetty-users-bounces@xxxxxxxxxxx> On Behalf Of Joakim Erdfelt
Sent: Thursday, May 12, 2022 4:07 PM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Jetty 10 SSL configuration

 

Start here 

 

 

You'll want to know about Connectors, thru to SslContextFactory.

You'll also need to consult RHEL documentation on allowing a program to bind to port 80 or 443.

 

Note: port 80 is not for SSL, it's for http (plaintext)

Use 443, that's the default for https (TLS / SSL)


Joakim Erdfelt / joakim@xxxxxxxxxxx

 

 

On Thu, May 12, 2022 at 3:26 PM Esquivel, Vince <Esquivelv@xxxxxxx> wrote:

I installed jetty 10 on my RHEL 8 server but having a hard time configuring SSL on it.  I am a jetty newbie and trying to learn on the fly.  Does anyone have a link or document on how to configure SSL on port 80 for Jetty 10?

 

Thanks in advance.

 

Vince

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
