Configuring jetty truststore unsuccessful [message #1067832] |
Wed, 10 July 2013 19:02 |
Mark Leone Messages: 69 Registered: April 2012 |
Member |
I'm trying to configure the embedded jetty server in my eclipse IDE to use ssl and require client authentication. This is partly to more conveniently test my RAP application without having to deploy it to tomcat, and also because I'm having a strange problem running in tomcat and I want to see if the same thing happens in jetty.
I set the following properties in my launch configuration for the RAP application:
-Dorg.eclipse.equinox.http.jetty.https.enabled=true
-Dorg.eclipse.equinox.http.jetty.https.port=8445
-Dorg.eclipse.equinox.http.jetty.ssl.keystore=/path/to/my.keystore
-Dorg.eclipse.equinox.http.jetty.ssl.keypassword=password
-Dorg.eclipse.equinox.http.jetty.ssl.truststore=/path/to/my.truststore
-Dorg.eclipse.equinox.http.jetty.ssl.truststorepassword=password
The truststore and keystore are both jks keystores, the same files used in tomcat, for which two-way authentication works properly.
It looks like the keystore setting is working, but not the truststore, because my browser is presented with the server cert from the keystore, but the connection is denied with message "SSL peer cannot verify your certificate".
I tried also setting the truststore properties using javax.net.ssl properties as follows:
-Djavax.net.ssl.trustStore=/path/to/my.truststore
-Djavax.net.ssl.trustStorePassword=password
But I get the same behavior. I also tried setting javax.net.ssl.trustStoreType=jks (and JKS) to no avail.
Can someone tell me the proper way to configure Jetty's truststore with properties?
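
A stand-alone check for the truststore file described in the post above, added here as an example; it is not part of the original post and is not Jetty or Equinox code. It loads the store with the same path, password and type values the post passes to the JVM and lists the CA certificates a JSSE trust manager built from that file would accept for client certificates. The class name TruststoreCheck is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class, not part of Jetty or Equinox.
public class TruststoreCheck {
    public static void main(String[] args) throws Exception {
        // Arguments win; otherwise fall back to the javax.net.ssl.* properties from the post.
        String path = args.length > 0 ? args[0] : System.getProperty("javax.net.ssl.trustStore");
        String pass = args.length > 1 ? args[1]
                : System.getProperty("javax.net.ssl.trustStorePassword", "");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        if (path == null) {
            System.err.println("usage: java TruststoreCheck <truststore> <password>");
            System.exit(2);
        }

        // Loading fails with an exception on a wrong password or a wrong store type.
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, pass.toCharArray());
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);

        // Print every certificate the resulting trust manager accepts as an issuer.
        int issuers = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) {
                continue;
            }
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                issuers++;
                System.out.println("subject=" + ca.getSubjectX500Principal().getName());
                System.out.println("  notAfter=" + ca.getNotAfter());
            }
        }
        if (issuers == 0) {
            System.err.println("no accepted issuers in " + path);
            System.exit(1);
        }
    }
}
```

If the issuer of the browser's client certificate appears in the output, the file itself is usable and the remaining question is whether the server process is actually reading it.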