Generating certificates and keys for SSL to be used in Jetty

Generate a key pair. You will be asked for a pass phrase.

openssl genrsa -aes128 -out jetty.key 2048

Generate a certificate for the key generated above (you will need the pass phrase for the key). You will be asked to enter some information about you or your organization to build a Distinguished Name (DN). The only mandatory response is the fully qualified host name of the server, entered at the "Common Name" prompt. Note that I used the -days 365 option to make the certificate valid for one year; change it as needed.

openssl req -new -x509 -sha256 -days 365 -key jetty.key -out jetty.crt

Combine the generated key and certificate files into one file in PKCS12 format. You will be asked for the key pass phrase and for a new 'export password'.

openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12

Load the resulting PKCS12 file from the previous step into a JSSE keystore with keytool.

keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
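
An added example (not part of the original gist): a shell check that the key, certificate and PKCS12 bundle from the steps above belong together and that the certificate is not about to expire. File names follow the gist; the function names, the pass phrases and the host name jetty.example.test are constructed for illustration, and the pass phrases are handed to openssl through environment variables so they do not show up in the process list.

```shell
#!/bin/sh
# Added example, not the gist author's code. All sample values are constructed.

# pubkey_matches KEY CERT KEYPASS_VAR -> 0 if CERT carries KEY's public key
pubkey_matches() {
    k=$(openssl pkey -in "$1" -passin "env:$3" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# p12_holds_cert P12 CERT EXPORTPASS_VAR -> 0 if the bundle's certificate is CERT
p12_holds_cert() {
    a=$(openssl pkcs12 -in "$1" -passin "env:$3" -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 2
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_valid_for CERT SECONDS -> 0 if CERT does not expire within SECONDS
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# make_sample DIR: throwaway key, self-signed cert and PKCS12 bundle (constructed input)
make_sample() {
    openssl genrsa -aes128 -passout env:KEY_PASS -out "$1/jetty.key" 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -days 365 -key "$1/jetty.key" -passin env:KEY_PASS \
        -subj "/CN=jetty.example.test" -out "$1/jetty.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/jetty.key" -in "$1/jetty.crt" \
        -passin env:KEY_PASS -passout env:EXPORT_PASS -out "$1/jetty.pkcs12" 2>/dev/null
}

# Constructed pass phrases, exported so openssl can read them via "env:".
export KEY_PASS="constructed-key-pass" EXPORT_PASS="constructed-export-pass"
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_sample "$work" || { echo "openssl failed" >&2; exit 1; }
pubkey_matches "$work/jetty.key" "$work/jetty.crt" KEY_PASS && echo "key/cert: match"
p12_holds_cert "$work/jetty.pkcs12" "$work/jetty.crt" EXPORT_PASS && echo "pkcs12: holds cert"
cert_valid_for "$work/jetty.crt" 2592000 && echo "expiry: more than 30 days left"
```

Run against real files, the same three functions catch a certificate paired with the wrong key or an outdated bundle before Jetty fails at startup with a less specific keystore error.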

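Now you can use the keystore generated above for SSL configuration:

// imports needed by the snippet below
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

SERVER = new Server();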

// setup HTTP connector
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme( "https" );
httpConfig.setSecurePort( 8443 );

ServerConnector http = new ServerConnector( SERVER, new HttpConnectionFactory( httpConfig ) );
http.setPort( 8080 );
http.setIdleTimeout( 15000 );
SERVER.addConnector( http );

// setup HTTPS connector
SslContextFactory sslContextFactory = new SslContextFactory( "/path/to/keystore" );
sslContextFactory.setKeyStorePassword( "keystore-pass" );
sslContextFactory.setKeyManagerPassword( "key-pass-phrase" );

HttpConfiguration httpsConfig = new HttpConfiguration( httpConfig );
SecureRequestCustomizer src = new SecureRequestCustomizer();
src.setStsMaxAge( 2000 );
src.setStsIncludeSubDomains( true );
httpsConfig.addCustomizer( src );

ServerConnector https = new ServerConnector(
        SERVER,
        new SslConnectionFactory( sslContextFactory, HttpVersion.HTTP_1_1.asString() ),
        new HttpConnectionFactory( httpsConfig ) );
https.setPort( 8443 );
https.setIdleTimeout( 30000 );

SERVER.addConnector( https );