Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

The following steps are required to configure Jetty for SSL:
Step 1: Generate or obtain a public/private key pair and x509 certificate.
Step 2: Optionally obtain a certificate from a known certificate authority.
Step 3: Load the keys and the certificates into a JSSE Keystore.
Step 4: Configure a JsseListener with the location and passwords for the keystore.

...

The simplest way generate keys and certificates is to use the keytool application that comes with the JDK, as it generates keys and certificates directly into the keystore. See Step 1a.

If you already have keys and certificates, please goto Step 3 to load them into a JSSE key store.

If you have a renewal certificate to replace one that is expiring, take a look at #renewals.

The commands below only generate minimal keys and certificates. You should read the full manuals of the tools you are using if you wish to specify:

...


You now have the minimal requirements to run an SSL connection and could proceed directly to Step 4 to configure an SSL connector.
However the certificate you have generated will not be trusted by the browser and the user will be prompted to this effect. This is often sufficient for testing, but most public site will need to Step 2a to obtain a certificate trusted by most popular clients.

Anchor
step1b
step1b


...


You now have the minimal requirements to run an SSL connection and could proceed directly to Step 3 to load these keys and certificates into a JSSE keystore. However the certificate you have generated will not be trusted by the browser and the user will be prompted to this effect. This is often sufficient for testing, but most public site will need to Step 2b to obtain a certificate trusted by most popular clients.

Anchor
step1c
step1c


...

If you have keys and certificates from other sources, then you can proceed directly to Step 3.

Anchor
step2
step2

Step 2: Request a trusted certificate

...

If you are updating your configuration to use a newer certificate, as when the old one is expiring, just do Step 3. If you imported the key and certificate originally using the PKCS 12 method, use an alias of "1" rather than "jetty", because that is the alias the PKCS12 process enters into the keystore.

Contact the core Jetty developers at www.webtide.com
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery