Generate an RSA key pair. You will be asked for a pass phrase to protect the private key.
openssl genrsa -aes128 -out jetty.key 2048
Generate a certificate for the key generated above (you should know the pass phrase for the key).
You will be asked to enter some info about you/your org to build a Distinguished Name (DN).
The only mandatory response is the fully qualified host name of the server at the "Common Name" prompt.
Note that I used the -days 365 option to make the certificate valid for one year; change as needed.
openssl req -new -x509 -sha256 -days 365 -key jetty.key -out jetty.crt
Combine the generated key and certificate files into one file in PKCS12 format. You will be asked for the key pass phrase and for a new 'export password'.
openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12
Load the resulting PKCS12 file from the previous step into a JSSE keystore with keytool.
keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
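Before pointing the server at the keystore, it helps to confirm that jetty.crt really belongs to jetty.key, is signed with SHA-2, names the right host and is not about to expire. The shell functions below are an added example, not part of the original page; the function names and the KEY_PASS environment variable (holding the key pass phrase) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): pre-flight checks for jetty.key / jetty.crt.
# Assumption: the key pass phrase is supplied in the KEY_PASS environment variable.

# True only if the certificate carries the public key of the given private key.
cert_matches_key() {   # <key.pem> <cert.pem>
    key_pub=$(openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Print the certificate's signature algorithm, e.g. sha256WithRSAEncryption.
cert_sig_alg() {   # <cert.pem>
    openssl x509 -in "$1" -noout -text | awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# Print the Common Name from the certificate subject.
cert_common_name() {   # <cert.pem>
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# Run all checks; prints one line per failure, returns 0 only if every check passes.
check_jetty_tls_files() {   # <key.pem> <cert.pem> <expected-host> <min-days-left>
    failures=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: key unreadable or certificate does not match it"; failures=$((failures + 1)); }
    case "$(cert_sig_alg "$2")" in
        sha256*|sha384*|sha512*) ;;
        *) echo "FAIL: signature is not SHA-2 based"; failures=$((failures + 1)) ;;
    esac
    [ "$(cert_common_name "$2")" = "$3" ] ||
        { echo "FAIL: Common Name is not $3"; failures=$((failures + 1)); }
    openssl x509 -in "$2" -noout -checkend $(( $4 * 86400 )) >/dev/null ||
        { echo "FAIL: certificate expires within $4 days"; failures=$((failures + 1)); }
    [ "$failures" -eq 0 ]
}

# Example: KEY_PASS='...' check_jetty_tls_files jetty.key jetty.crt www.example.com 30
```
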
Now you can use the keystore generated above for SSL configuration:
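import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

// SERVER is assumed to be a Server field declared elsewhere in the class
SERVER = new Server();
// setup HTTP connector
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme( "https" );
httpConfig.setSecurePort( 8443 );
ServerConnector http = new ServerConnector( SERVER, new HttpConnectionFactory( httpConfig ) );
http.setPort( 8080 );
http.setIdleTimeout( 15000 ); // milliseconds
SERVER.addConnector( http );
// setup HTTPS connector
SslContextFactory sslContextFactory = new SslContextFactory( "/path/to/keystore" );
sslContextFactory.setKeyStorePassword( "keystore-pass" ); // password of the keystore file
sslContextFactory.setKeyManagerPassword( "key-pass-phrase" ); // password of the private key entry
HttpConfiguration httpsConfig = new HttpConfiguration( httpConfig );
SecureRequestCustomizer src = new SecureRequestCustomizer();
src.setStsMaxAge( 2000 ); // Strict-Transport-Security max-age, in seconds
src.setStsIncludeSubDomains( true );
httpsConfig.addCustomizer( src );
ServerConnector https = new ServerConnector(
    SERVER,
    new SslConnectionFactory( sslContextFactory, HttpVersion.HTTP_1_1.asString() ),
    new HttpConnectionFactory( httpsConfig ) );
https.setPort( 8443 );
https.setIdleTimeout( 30000 ); // milliseconds
SERVER.addConnector( https );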