[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] TLS ALPN ACME Lets Encrypt challange
|
Hi,
On Wed, Nov 30, 2022 at 9:18 AM Info <info@xxxxxxxxxx> wrote:
>
> Hi,
>
> I am swimming in all directions as well. I get the ALPN TSL extension
> for switching the protocol and it is working. So, do I need to create a
> connection factory and connection for the ACME protocol similar to HTTP2?
I don't think so.
If I read https://www.rfc-editor.org/rfc/rfc8737 correctly, your
server must reply with a proper certificate with the "acmeIdentifier"
to a connection with the ALPN protocol of "acme-tls/1".
Once the TLS handshake is successful, the connection can be closed, no
data is exchanged, hence no ConnectionFactory to implement.
> And where do I manage to create a ACME session for communicating with
> the certificate provider lets encrypt, within a Jetty handler using the
> above connection? Or more down the chain in a servlet or the like?
This is the job of an ACME client, whatever you choose, not your job.
--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.