geronimo-scm mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Geronimo Wiki] Update of "JettyHttpsConfiguration" by JeremyBoynes
Date Fri, 29 Apr 2005 21:31:08 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Geronimo Wiki" for change notification.

The following page has been changed by JeremyBoynes:
http://wiki.apache.org/geronimo/JettyHttpsConfiguration

------------------------------------------------------------------------------
  ## page was renamed from JettySSL
  == Using SSL/HTTPS With Jetty ==
  
- By default (as of 2005-04-28) Geronimo runs http protocol but not https.  Here are some
notes that might help you get it working.
+ As of revision 165331 (2005-04-29) Geronimo now runs both http and https protocols.
  
+ There is a self-signed keystore included in the distribution in var/security/keystore. This
contains one untrusted certificate that will not be recognized by a browser. This should be
replaced with a certificate signed by a trusted CA as described in the Jetty FAQ or in the
documentation on keytool.
- The first step is to set up a "keystore" that contains a digital certificate.  The server
uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ
below that talk about how to do this.  Put the keystore in the geronimo root directory (i.e.
where you'll find `README.txt`) and call it `ssl-keystore`.
-   
- To enable SSL add this to your web app's `geronimo-jetty.xml` deployment plan (for more
info on `geronimo-jetty.xml` see ["Deployment"]):
-  {{{
-   <gbean name="JettyHTTPSConnector" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
  
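Review bot: the added keystore paragraph describes the bundled `var/security/keystore` only as holding an untrusted certificate that browsers will not recognize, but a keystore shipped in the distribution also means every install shares the same private key. Suggest saying that explicitly, and stating that the keystore must be replaced before the https port is reachable by anyone else, not only to silence the browser warning. The removed text pointed to "the Jetty SSL FAQ below"; the new wording mentions the Jetty FAQ and the keytool documentation without saying where to find them, so a pointer to the References section would help.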
+ This uses the new !SslConnector from Jetty that uses the standard javax.net.ssl API rather
than Sun's JSSE implementation. This should work with any JVM, not just Sun's implementation.
The properties for this connector are slightly different than described in the Jetty documentation.
-     <reference name="JettyContainer"><gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Server,J2EEServer=geronimo,j2eeType=GBean,name=JettyWebContainer</gbean-name></reference>
-     <reference name="ServerInfo">    <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/System,J2EEServer=geronimo,j2eeType=GBean,name=ServerInfo</gbean-name></reference>
  
+ A default connector is defined in the server plan:
+ {{{
+     <gbean name="JettySSLConnector" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
-     <attribute name="port" type="int">8443</attribute>
+         <attribute name="port">8443</attribute>
+         <attribute name="keystore">var/security/keystore</attribute>
-     <attribute name="keystore" type="java.lang.String">ssl-keystore</attribute>
-     <attribute name="password" type="java.lang.String">password</attribute>
-     <attribute name="keyPassword" type="java.lang.String">password</attribute>
-     <attribute name="keystoreType" type="java.lang.String">JKS</attribute>
+         <attribute name="keystoreType">JKS</attribute>
-     <attribute name="useDefaultTrustStore" type="boolean">true</attribute>
+         <attribute name="password">secret</attribute>
+         <attribute name="keyPassword">secret</attribute>
-     <attribute name="needClientAuth" type="boolean">false</attribute>
+         <attribute name="needClientAuth">false</attribute>
+         <attribute name="protocol">TLS</attribute>
+         <reference name="JettyContainer"><name>JettyWebContainer</name></reference>
+         <reference name="ServerInfo"><module>org/apache/geronimo/System</module><name>ServerInfo</name></reference>
-   </gbean>
+     </gbean>
+ 
  }}}
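Review bot: in the new `JettySSLConnector` plan, `password` and `keyPassword` are both the literal `secret`, stored in clear text next to the keystore path, and nothing on the page tells the reader to change them when swapping in their own keystore. Suggest a sentence after the block saying that both values must match the replacement keystore and that the plan file should be readable only by the account that runs the server. The gbean is named `JettySSLConnector`, its class is `HTTPSConnector`, and the paragraph above calls it `!SslConnector`; using one name in the prose would avoid confusion.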
  
+ ||Attribute||Description||
+ ||port||The port to listen on||
+ ||keystore||The location of the keystore, resolved relative to ServerInfo||
+ ||keystoreType||The type of keystore, JKS for the default store||
+ ||password||The store password||
+ ||keyPassword||The key password, often the same as the store password||
+ ||needClientAuth||Whether clients must provide a certificate||
+ ||protocol||Wire protocol||
+ ||algorithm||Encryption algorithm to use, if omitted uses the JVM's default||
- When Geronimo runs you should see messages like 
-  {{{
- 11:04:12,002 DEBUG main [org.apache.geronimo.gbean.runtime.GBeanInstanceState] GBeanInstanceState
for: geronimo.server:J2EEApplication=your-app,J2EEModule=your.war,J2EEServer=geronimo,j2eeType=GBean,name=JettyHTTPSConnector
State changed from stopped to starting
- 11:04:12,235 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keystore=/path-to-geronimo/target/ssl-keystore
- 11:04:12,235 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.password=********
- 11:04:12,236 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keypassword=********
- 11:04:12,236 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keystore.type=JKS
- 11:04:12,306 INFO  main [org.mortbay.http.SunJsseListener] jetty.ssl.keystore.provider.name=[DEFAULT]
- 11:04:12,562 INFO  main [org.mortbay.http.SunJsseListener] SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl@2df
- 11:04:12,606 INFO  main [org.mortbay.http.JsseListener] JsseListener.needClientAuth=false
- 11:04:12,607 INFO  main [org.mortbay.http.SocketListener] Started SocketListener on 0.0.0.0:8443
- 11:04:12,607 DEBUG main [org.apache.geronimo.gbean.runtime.GBeanInstanceState] GBeanInstanceState
for: geronimo.server:J2EEApplication=your-app,J2EEModule=your.war,J2EEServer=geronimo,j2eeType=GBean,name=JettyHTTPSConnector
State changed from starting to running
- }}}
- 
- Geronimo should now be listening on https://localhost:8443/ .
  
  == References ==
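Review bot: the attribute table lists `algorithm`, which the connector example does not set, and describes `protocol` only as "Wire protocol", so a reader cannot tell which values either one accepts. Since the page says these properties differ from the Jetty documentation, the table should name the accepted values or at least the defaults. The removed plan set `useDefaultTrustStore`, and the new table has no row saying which trust store validates client certificates when `needClientAuth` is true. The startup log excerpt and the "Geronimo should now be listening on https://localhost:8443/" line are removed without a replacement, leaving the reader no way to confirm that the connector started; a short check to that effect would be worth keeping.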
  
