geronimo-scm mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Geronimo Wiki] Update of "JettySSL" by TobyCabot
Date Thu, 28 Apr 2005 16:50:31 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Geronimo Wiki" for change notification.

The following page has been changed by TobyCabot:
http://wiki.apache.org/geronimo/JettySSL

The comment on the change is:
updated based on changes in March

------------------------------------------------------------------------------
  == Using SSL/HTTPS With Jetty ==
  
- By default (as of 2004-10-08) Geronimo runs http protocol but not https.  I haven't entirely
figured out how to get it to run https yet, but here are some notes that might help you.
+ By default (as of 2005-04-28) Geronimo runs http protocol but not https.  Here are some
notes that might help you get it working.
  
- The first step is to set up a "keystore" that contains a digital certificate.  The server
uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ
below that talk about how to do this.
+ The first step is to set up a "keystore" that contains a digital certificate.  The server
uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ
below that talk about how to do this.  Put the keystore in the geronimo root directory (i.e.
where you'll find `README.txt`) and call it `ssl-keystore`.
    
  To enable SSL add this to your web app's `geronimo-jetty.xml` deployment plan (for more
info on `geronimo-jetty.xml` see ["Deployment"]):
   {{{
- <gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
+   <gbean name="JettyHTTPSConnector" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
-         <reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
-         <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference>
+ 
+     <reference name="JettyContainer"><gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=GBean,name=JettyWebContainer</gbean-name></reference>
+     <reference name="ServerInfo">    <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name></reference>
+ 
-         <attribute name="port" type="int">8443</attribute>
+     <attribute name="port" type="int">8443</attribute>
-         <attribute name="keystore" type="java.lang.String">var/security/ssl-keystore</attribute>
+     <attribute name="keystore" type="java.lang.String">ssl-keystore</attribute>
-         <attribute name="password" type="java.lang.String">changeit</attribute>
+     <attribute name="password" type="java.lang.String">password</attribute>
+     <attribute name="keyPassword" type="java.lang.String">password</attribute>
-         <attribute name="keystoreType" type="java.lang.String">JKS</attribute>
+     <attribute name="keystoreType" type="java.lang.String">JKS</attribute>
-         <attribute name="useDefaultTrustStore" type="boolean">false</attribute>
+     <attribute name="useDefaultTrustStore" type="boolean">true</attribute>
-         <attribute name="needClientAuth" type="boolean">false</attribute>
+     <attribute name="needClientAuth" type="boolean">false</attribute>
-     </gbean>
+   </gbean>
  }}}
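Review bot: The added `password` and `keyPassword` attributes keep the keystore passwords in clear text in `geronimo-jetty.xml`, while the text removed further down described Geronimo prompting for them at startup; the page should say that `password` is a placeholder to replace and that the plan file needs the same restrictive file permissions as the keystore itself. The change of `useDefaultTrustStore` from `false` to `true` is also not explained anywhere in the new prose, so a sentence on why it is needed would let readers judge whether they want it.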
  
+ When Geronimo runs you should see messages like 
- This is a cut-n-paste from `geronimo/modules/assembly/src/plan/j2ee-server-plan.xml` as
suggested by Jeremy in the link below.
- 
- Geronimo will ask you for a password when it starts, and you'll see log messages like:
   {{{
+ 11:04:12,002 DEBUG main [org.apache.geronimo.gbean.runtime.GBeanInstanceState] GBeanInstanceState
for: geronimo.server:J2EEApplication=your-app,J2EEModule=your.war,J2EEServer=geronimo,j2eeType=GBean,name=JettyHTTPSConnector
State changed from stopped to starting
+ 11:04:12,235 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keystore=/path-to-geronimo/target/ssl-keystore
- 14:24:29,796 INFO  main [SunJsseListener] jetty.ssl.keystore=/eng/home/tcabot/.keystore
- jetty.ssl.password : password
- 14:24:33,940 INFO  main [SunJsseListener] jetty.ssl.password=***********
- jetty.ssl.keypassword [dft] : password
- 14:24:39,035 INFO  main [SunJsseListener] jetty.ssl.keypassword=***********
+ 11:04:12,235 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.password=********
+ 11:04:12,236 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keypassword=********
- 14:24:39,035 INFO  main [SunJsseListener] jetty.ssl.keystore.type=jks
+ 11:04:12,236 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keystore.type=JKS
- 14:24:39,036 INFO  main [SunJsseListener] jetty.ssl.keystore.provider.name=[DEFAULT]
+ 11:04:12,306 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keystore.provider.name=[DEFAULT]
- 14:24:39,111 INFO  main [SunJsseListener] SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl@34151f
+ 11:04:12,562 INFO  main [org.mortbay.http.SunJsseListener] SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl@2df
- 14:24:39,150 INFO  main [JsseListener] JsseListener.needClientAuth=false
+ 11:04:12,606 INFO  main [org.mortbay.http.JsseListener] JsseListener.needClientAuth=false
- 14:24:39,188 INFO  main [SocketListener] Started SocketListener on 0.0.0.0:8443
+ 11:04:12,607 INFO  main [org.mortbay.http.SocketListener] Started SocketListener on 0.0.0.0:8443
+ 11:04:12,607 DEBUG main [org.apache.geronimo.gbean.runtime.GBeanInstanceState] GBeanInstanceState
for: geronimo.server:J2EEApplication=your-app,J2EEModule=your.war,J2EEServer=geronimo,j2eeType=GBean,name=JettyHTTPSConnector
State changed from starting to running
- 14:24:39,226 INFO  main [SocketListener] Started SocketListener on 0.0.0.0:8080
- }}}
- 
- You can specify the password on the command line if you'd like:
-  {{{
- $ java -Djetty.ssl.password=password -Djetty.ssl.keypassword=password  -jar target/bin/server.jar
  }}}
  
  Geronimo should now be listening on https://localhost:8443/ .
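Review bot: The new sample output shows `jetty.ssl.keystore=/path-to-geronimo/target/ssl-keystore`, but the instructions above say to put the keystore in the Geronimo root directory next to `README.txt`; state which directory the relative `ssl-keystore` value resolves against so the two agree. The startup prompt and the `-Djetty.ssl.password` command-line option are removed without a replacement sentence, so it is worth saying explicitly where the passwords now come from.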
- 
- === Status ===
- 
- At the moment the server starts, and is listening on port 8443, and it appears to be running
https, but I appear to have botched my certificate generation so I can't establish a connection.
 The browser tells me that the certificate is invalid or corrupt.  If your certificate-fu
is more powerful than mine you'll probably have no problems.
  
  == References ==
  
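Review bot: Deleting the Status section removes the report that the browser rejected the certificate as invalid or corrupt, yet the new text stops at the listener starting on port 8443 and never says that a client connection succeeded. Add a sentence on whether the certificate problem was resolved and how the HTTPS connection was checked.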
