geronimo-scm mailing list archives

From s..@geronimo.apache.org
Subject [Apache Geronimo Wiki] New: JettySSL
Date Fri, 08 Oct 2004 19:26:43 GMT
   Date: 2004-10-08T12:26:43
   Editor: TobyCabot <toby@caboteria.org>
   Wiki: Apache Geronimo Wiki
   Page: JettySSL
   URL: http://wiki.apache.org/geronimo/JettySSL

   no comment

New Page:

== Using SSL/HTTPS With Jetty ==

By default (as of 2004-10-08) Geronimo runs the HTTP protocol but not HTTPS.  I haven't figured
out how to get it to run HTTPS yet, but here are some notes that might help.

The first step is to set up a "keystore" that contains a digital certificate.  The server
uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ
below that talk about how to do this.  Geronimo expects the keystore to be in `~/.keystore`
by default (at least on Unix systems).

To enable SSL, add this to your web app's `geronimo-jetty.xml` deployment descriptor (for more
info on `geronimo-jetty.xml` see ["Deployment"]):
{{{
    <gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
        <attribute name="port" type="int">8443</attribute>
        <reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
    </gbean>
}}}

This is a cut-n-paste from `geronimo/modules/assembly/src/plan/j2ee-server-plan.xml` as suggested
by Jeremy in the link below.

Geronimo will ask you for a password when it starts, and you'll see log messages like:
{{{
14:24:29,796 INFO  main [SunJsseListener] jetty.ssl.keystore=/eng/home/tcabot/.keystore
jetty.ssl.password : password
14:24:33,940 INFO  main [SunJsseListener] jetty.ssl.password=***********
jetty.ssl.keypassword [dft] : password
14:24:39,035 INFO  main [SunJsseListener] jetty.ssl.keypassword=***********
14:24:39,035 INFO  main [SunJsseListener] jetty.ssl.keystore.type=jks
14:24:39,036 INFO  main [SunJsseListener] jetty.ssl.keystore.provider.name=[DEFAULT]
14:24:39,111 INFO  main [SunJsseListener] SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl@34151f
14:24:39,150 INFO  main [JsseListener] JsseListener.needClientAuth=false
14:24:39,188 INFO  main [SocketListener] Started SocketListener on 0.0.0.0:8443
14:24:39,226 INFO  main [SocketListener] Started SocketListener on 0.0.0.0:8080
}}}

=== Status ===

At the moment the server starts, and is listening on port 8443, but it doesn't appear as if
things are all good.  For one thing, traffic over the link doesn't appear to be encrypted
since I can read it in Ethereal.
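
The observation above can be checked from the capture itself: an SSL/TLS connection opens with a binary record header, while an unencrypted connection to the same port opens with a readable HTTP start line. The Python code below is an added example, not part of the original wiki page or of Geronimo/Jetty; the function names and the sample payloads are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")


def classify_stream(data: bytes) -> dict:
    """Classify the first bytes of one direction of a reassembled TCP stream."""
    if data.startswith(HTTP_STARTS):
        # Readable request or status line: the payload is not encrypted.
        return {"kind": "cleartext-http", "detail": data.split(b"\r\n", 1)[0].decode("latin-1")}
    if len(data) < 5:
        return {"kind": "unknown", "detail": "fewer than 5 bytes captured"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # Record-layer versions: SSLv3 = 3.0, TLS 1.0-1.2 = 3.1-3.3 (TLS 1.3 records also say 3.3).
    if ctype in CONTENT_TYPES and major == 3 and minor <= 3 and 0 < length <= 2**14 + 2048:
        return {"kind": "tls-record",
                "detail": f"{CONTENT_TYPES[ctype]}, version 3.{minor}, {length} bytes"}
    # SSLv2-format ClientHello, which older clients send first:
    # 2-byte length with the high bit set, then message type 1.
    if data[0] & 0x80 and data[2] == 1:
        return {"kind": "sslv2-hello", "detail": "SSLv2-format ClientHello"}
    return {"kind": "unknown", "detail": "neither an HTTP start line nor an SSL/TLS header"}


def link_is_encrypted(client_to_server: bytes, server_to_client: bytes) -> bool:
    """True only if both directions open with SSL/TLS framing."""
    client = classify_stream(client_to_server)["kind"]
    server = classify_stream(server_to_client)["kind"]
    return client in ("tls-record", "sslv2-hello") and server == "tls-record"


# Constructed sample payloads (not taken from a real capture).
PLAIN_REQUEST = b"GET / HTTP/1.1\r\nHost: localhost:8443\r\n\r\n"
PLAIN_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: Jetty\r\n\r\n"
TLS_CLIENT_HELLO = bytes([22, 3, 1]) + struct.pack("!H", 45) + b"\x01" + b"\x00" * 44
TLS_SERVER_HELLO = bytes([22, 3, 1]) + struct.pack("!H", 74) + b"\x02" + b"\x00" * 73
SSLV2_CLIENT_HELLO = b"\x80\x2e\x01\x03\x01" + b"\x00" * 43

if __name__ == "__main__":
    for name, blob in [("plain request", PLAIN_REQUEST), ("TLS hello", TLS_CLIENT_HELLO),
                       ("SSLv2 hello", SSLV2_CLIENT_HELLO)]:
        print(name, "->", classify_stream(blob))
    print("plain link encrypted?", link_is_encrypted(PLAIN_REQUEST, PLAIN_RESPONSE))
    print("TLS link encrypted?", link_is_encrypted(TLS_CLIENT_HELLO, TLS_SERVER_HELLO))
```

Feed it the reassembled payload of each direction of the port 8443 connection as exported from the capture tool; a `cleartext-http` result on that port means the listener is serving plain HTTP there.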

== References ==

http://www.mortbay.org/jetty/faq?s=400-Security&t=ssl - Jetty SSL FAQ

http://nagoya.apache.org/eyebrowse/ReadMsg?listName=user@geronimo.apache.org&msgNo=96
- message from Jeremy Boynes with some hints about how to get started
