|
Re: How to add multiple configure tags supporting different providers in jetty-ssl-context.xml [message #1867242 is a reply to message #1842894] |
Thu, 20 June 2024 08:20 |
Gregory Chavez Messages: 1 Registered: June 2024 |
Junior Member |
|
|
Hello, @ Harshal Khanderia
Understanding the Challenge:
You want to support both SunJSSE and Bouncy Castle as SSL providers in your Jetty server.
Achieving this involves configuring different SSLContextFactory instances for each provider.
Multiple SSL Providers in Jetty:
Jetty allows you to configure multiple SSL connectors with different SSL providers.
To achieve this, you'll need to create separate SSLContextFactory instances--one for each provider.
Step-by-Step Solution:
Here's how you can set it up: a. Create Keystores: - Obtain certificates for both SunJSSE and Bouncy Castle. - Convert them to the appropriate keystore format (e.g., PKCS12 or JKS). b. Configure SSL Contexts: - In your Jetty configuration, create separate XML files for each SSL provider (e.g., sunjsse-ssl.xml and bouncycastle-ssl.xml). - Define an SSLContextFactory in each XML file with the appropriate keystore paths, passwords, and other settings. - For example, in sunjsse-ssl.xml:
```xml
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="KeyStorePath">/path/to/sunjsse-keystore</Set>
<Set name="KeyStorePassword">sunjsse-password</Set>
<!-- Other settings as needed -->
</Configure>
```
And in `bouncycastle-ssl.xml`:
```xml
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="KeyStorePath">/path/to/bouncycastle-keystore</Set>
<Set name="KeyStorePassword">bouncycastle-password</Set>
<!-- Other settings as needed -->
</Configure>
```
d. Start Jetty: - When starting Jetty, ensure that both sunjsse-ssl.xml and bouncycastle-ssl.xml are included in the configuration.
Testing and Verification:
Start Jetty and verify that both SSL providers are functioning correctly.
You can test by connecting to your server using both SunJSSE and Bouncy Castle clients.
I hope this information is helpful to you.
Best Regard,
Gregory ChavezFlorida Blue
|
|
|
Powered by
FUDForum. Page generated in 0.03117 seconds