
HTTPS in Jetty using CAcert

Category: Computing Keywords: security, web, java

This is how to set up HTTPS in Jetty 6 with a free SSL certificate signed by CAcert:

  1. Generate a certificate:
    keytool -keystore keystore -alias jetty -genkey -keyalg RSA
    Choose a password, enter the domain name for "first and last name" (this becomes the certificate's CN), and leave the other fields blank (unless you know you can get CAcert to include more details).
  2. Generate a signing request:
    keytool -certreq -alias jetty -keystore keystore -file jetty.csr
  3. Download the CAcert root certificate:
    On www.cacert.org go to "Root Certificate" (currently at https://www.cacert.org/index.php?id=3), and download the Class 1 key in PEM format - right-click, save as, and call it cacert.crt.
  4. Import the CAcert root certificate:
    keytool -keystore keystore -import -alias cacert -file cacert.crt
    Compare the fingerprints with the ones on the website, then select "yes" to trust the certificate.
  5. Get your certificate signed:
    For this to work, your domain must already be added and verified in your CAcert account. If it isn't, do that first.
    Then log in to www.cacert.org, go to "Server Certificates", click "New", paste the contents of jetty.csr and submit.
    Copy the returned certificate and save it into a file called jetty.crt.
  6. Import the signed certificate:
    keytool -keystore keystore -import -alias jetty -file jetty.crt
  7. Add the certificate to Jetty:
    Copy the keystore to Jetty's "etc" folder, then edit jetty.xml and add the following, replacing the_password with the keystore password chosen in step 1:
    <Call name="addConnector">
      <Arg>
        <New class="org.mortbay.jetty.security.SslSocketConnector">
          <Set name="Port">443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="password">the_password</Set>
          <Set name="keyPassword">the_password</Set>
          <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="trustPassword">the_password</Set>
        </New>
      </Arg>
    </Call>
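
Step 4 asks you to compare fingerprints by eye before trusting the root certificate. The following added example (not part of the original page) does that comparison exactly, using only awk and coreutils; the function names and the script name check_fp.sh are assumptions for illustration, and the second argument is the fingerprint you copy from the CAcert website.

```sh
#!/bin/sh
# Added example, not from the original page.

# Strip separators and upper-case: "ab:cd", "AB CD" and "abcd" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print the hex fingerprint of the first certificate in a PEM file. The
# fingerprint is the hash of the DER bytes, i.e. the decoded base64 body.
# usage: pem_fingerprint FILE [sha1|sha256]
pem_fingerprint() {
    fp_algo=${2:-sha256}
    case $fp_algo in
        sha1|sha256) ;;
        *) echo "unsupported algorithm: $fp_algo" >&2; return 2 ;;
    esac
    fp_body=$(awk '/-----END CERTIFICATE-----/   { exit }
                   inside                        { print }
                   /-----BEGIN CERTIFICATE-----/ { inside = 1 }' "$1" \
              | tr -d ' \t\r\n')
    [ -n "$fp_body" ] || { echo "no certificate found in $1" >&2; return 1; }
    fp_hex=$(printf '%s' "$fp_body" | base64 -d | "${fp_algo}sum" | cut -d' ' -f1)
    normalize_fp "$fp_hex"
}

# Succeed only if FILE's fingerprint equals the published one.
# usage: verify_fingerprint FILE PUBLISHED_FINGERPRINT [sha1|sha256]
verify_fingerprint() {
    vf_actual=$(pem_fingerprint "$1" "${3:-sha256}") || return 2
    vf_expected=$(normalize_fp "$2")
    if [ "$vf_actual" = "$vf_expected" ]; then
        echo "OK: fingerprint matches"
    else
        echo "MISMATCH: file has $vf_actual, expected $vf_expected" >&2
        return 1
    fi
}

# Constructed sample input: PEM armor around placeholder bytes, not a real
# certificate. Only used to exercise the functions offline.
write_sample_pem() {
    { echo '-----BEGIN CERTIFICATE-----'
      printf 'constructed sample bytes' | base64
      echo '-----END CERTIFICATE-----'; } > "$1"
}

# Run as: sh check_fp.sh cacert.crt 'AA:BB:...' sha1
if [ "$#" -ge 2 ]; then verify_fingerprint "$@"; fi
```

Running `keytool -printcert -file cacert.crt` prints the certificate's fingerprints as keytool computes them, which is a useful cross-check before answering "yes" in step 4.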

For other ways and more details, see "How to configure SSL" on the Jetty wiki.

Created on 20 May 2009, last updated on 07 Jun 2009
