Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Language IDEs » ServerTools (WTP) » How to add multiple configure tags supporting different providers in jetty-ssl-context.xml
How to add multiple configure tags supporting different providers in jetty-ssl-context.xml [message #1842894] Mon, 05 July 2021 14:15 Go to next message
Harshal Khanderia is currently offline Harshal KhanderiaFriend
Messages: 1
Registered: July 2021
Junior Member
I have a requirement of supporting two different SSL providers in my jetty server in FIPS mode.
One being SunJSSE and other bouncy castle.
How can I achieve that ?
Is there a way to configure multiple SSLContextFactory with different providers, into the jetty-ssl-context.xml ?
Re: How to add multiple configure tags supporting different providers in jetty-ssl-context.xml [message #1867242 is a reply to message #1842894] Thu, 20 June 2024 08:20 Go to previous message
Gregory Chavez is currently offline Gregory ChavezFriend
Messages: 1
Registered: June 2024
Junior Member
Hello, @ Harshal Khanderia

Understanding the Challenge:
You want to support both SunJSSE and Bouncy Castle as SSL providers in your Jetty server.
Achieving this involves configuring different SSLContextFactory instances for each provider.
Multiple SSL Providers in Jetty:
Jetty allows you to configure multiple SSL connectors with different SSL providers.
To achieve this, you'll need to create separate SSLContextFactory instances--one for each provider.
Step-by-Step Solution:
Here's how you can set it up: a. Create Keystores: - Obtain certificates for both SunJSSE and Bouncy Castle. - Convert them to the appropriate keystore format (e.g., PKCS12 or JKS). b. Configure SSL Contexts: - In your Jetty configuration, create separate XML files for each SSL provider (e.g., sunjsse-ssl.xml and bouncycastle-ssl.xml). - Define an SSLContextFactory in each XML file with the appropriate keystore paths, passwords, and other settings. - For example, in sunjsse-ssl.xml:

```xml
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="KeyStorePath">/path/to/sunjsse-keystore</Set>
<Set name="KeyStorePassword">sunjsse-password</Set>
<!-- Other settings as needed -->
</Configure>
```

And in `bouncycastle-ssl.xml`:

```xml
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="KeyStorePath">/path/to/bouncycastle-keystore</Set>
<Set name="KeyStorePassword">bouncycastle-password</Set>
<!-- Other settings as needed -->
</Configure>
```
d. Start Jetty: - When starting Jetty, ensure that both sunjsse-ssl.xml and bouncycastle-ssl.xml are included in the configuration.
Testing and Verification:
Start Jetty and verify that both SSL providers are functioning correctly.
You can test by connecting to your server using both SunJSSE and Bouncy Castle clients.



I hope this information is helpful to you.


Best Regard,
Gregory ChavezFlorida Blue
Previous Topic:Unable to run WDT 9.x on Eclipse 2024-03
Next Topic:Easy way to reflect log4j server configuration changes in Eclipse
Goto Forum:
  


Current Time: Tue Dec 10 22:19:37 GMT 2024

Powered by FUDForum. Page generated in 0.03117 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top