[jetty-users] Getting SSL working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] Getting SSL working

From: John English <john.foreign@xxxxxxxxx>
Date: Tue, 17 Jan 2017 19:27:57 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0

I'm a complete SSL newbie, and am trying to get things going with a freecertificate from Let's Encrypt. I have an old Jetty 8.1.4 setup whichworked fine with a self-signed certificate (yes, I know 8.1.4 is old anddestined for the dustbin, but please hear me out!).


What I did:

1. Import fullchain.pem (the all-in-one combined certificate and CAchain) using the JDK keytool:

keytool -keystore keystore.test -import -alias foo.ddns.net -file/etc/letsencrypt/live/foo.ddns.net/fullchain.pem -trustcacerts


2. Start the server:

java -jar start.jar OPTIONS=Server etc/jetty.xml

Jetty.xml sets up HTTP on port 8080 and HTTPS on port 9443. I canconnect to port 8080 via HTTP, but using Firefox to connect to HTTPS onport 9443 gives the error message "Secure connection failed: theconnection to foo.ddns.net was interrupted while the page was loading.The page you are trying to view cannot be shown because the authenticityof the received data could not be verified." This tells me nothing aboutthe problem.


Can anyone tell me how to even get started figuring out what is going wrong?

Jetty.xml is configured like this:

  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
        <Set name="Port">8080</Set>
      </New>
    </Arg>
  </Call>

  <Call name="setHandler">
    <Arg>
      <New class="org.eclipse.jetty.webapp.WebAppContext">
        <Set name="Descriptor">

<Property name="jetty.home" default="."/>/webapps/ssltest/WEB-INF/web.xml

        </Set>
        <Set name="ResourceBase">
          <Property name="jetty.home" default="." />/webapps/ssltest
        </Set>
        <Set name="ContextPath">/</Set>
      </New>
    </Arg>
  </Call>

  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <Set name="Port">9443</Set>
        <Set name="MaxIdleTime">30000</Set>
        <Set name="Acceptors">2</Set>
        <Set name="AcceptQueueSize">100</Set>

<Set name="Keystore"><Property name="jetty.home" default="."/>/keystore.test</Set>

        <Set name="Password">foo</Set>
        <Set name="KeyPassword">foo</Set>
      </New>
    </Arg>
  </Call>

  <Call name="setHandler">
    <Arg>
      <New class="org.eclipse.jetty.webapp.WebAppContext">
        <Set name="Descriptor">

<Property name="jetty.home" default="."/>/webapps/ssltest/WEB-INF/web.xml

        </Set>
        <Set name="ResourceBase">
          <Property name="jetty.home" default="." />/webapps/ssltest
        </Set>
        <Set name="ContextPath">/</Set>
      </New>
    </Arg>
  </Call>

Thanks!
--
John English

Follow-Ups:
- Re: [jetty-users] Getting SSL working
  - From: Brian Reichert

Prev by Date: Re: [jetty-users] org.eclipse.jetty.server.SecureRequestCustomizer default on jetty-9.3.15
Next by Date: Re: [jetty-users] Getting SSL working
Previous by thread: [jetty-users] org.eclipse.jetty.server.SecureRequestCustomizer default on jetty-9.3.15
Next by thread: Re: [jetty-users] Getting SSL working
Index(es):
- Date
- Thread

Breadcrumbs