Create a Maven web application project:
|
|
To run the web application, we configure the maven-jetty-plugin.
maven-jetty-plugin
Add the following configuration to the project's pom.xml.
|
|
To run the server
|
|
As soon as the server is started, you can enter the following URL in your browser: http://localhost:8080/example-server
As you can see, the server is started and listens on port 8080 by default. If you want to change this, it can easily be configured: extend the plugin with a configuration element and add a connector.
|
|
Run Jetty server
|
|
As soon as the server is started, you can enter the following URL in your browser: http://localhost:9090/example-server
maven-jetty-plugin with TLS/SSL support
Generate certificates from letsencrypt.org. You will have:
- cert.pem is the certificate for your domain, public key
- chain.pem is the intermediate certificate
- fullchain.pem is the chain of trust, certificate chain, or CA bundle
- privkey.pem is the private key
Convert certificate chain + private key to the PKCS#12 file format
|
|
Convert PKCS#12 file into Java keystore format
|
|
The PKCS#12 file is no longer needed:
|
|
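The three conversion steps above as one script, added here as an example (it is not the original post's commands). It also refuses to build a keystore when privkey.pem does not belong to cert.pem. The alias `jetty`, the `STOREPASS` variable and the function names are assumptions of this example, and the sample pair is a constructed self-signed certificate standing in for the Let's Encrypt files.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Exit 0 only when the certificate and the private key carry the same public key.
pem_pair_matches() {  # usage: pem_pair_matches cert.pem privkey.pem
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256) || return 2
  k=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256) || return 2
  [ "$c" = "$k" ]
}

# Build DIR/keystore.p12 and, when keytool is installed, convert it to
# DIR/keystore.jks and delete the PKCS#12 file. The password travels in the
# STOREPASS environment variable (an assumption of this example), not on the
# command line, so it does not show up in the process list.
build_keystore() {  # usage: build_keystore DIR PASSWORD
  local dir=$1
  export STOREPASS=$2
  pem_pair_matches "$dir/cert.pem" "$dir/privkey.pem" \
    || { echo "privkey.pem does not match cert.pem" >&2; return 1; }
  ( umask 077   # keystores hold the private key: owner-only permissions
    openssl pkcs12 -export -name jetty -in "$dir/fullchain.pem" \
      -inkey "$dir/privkey.pem" -out "$dir/keystore.p12" -passout env:STOREPASS
  ) || return 1
  if command -v keytool >/dev/null 2>&1; then
    ( umask 077
      keytool -importkeystore -noprompt \
        -srckeystore "$dir/keystore.p12" -srcstoretype PKCS12 -srcstorepass:env STOREPASS \
        -destkeystore "$dir/keystore.jks" -deststoretype JKS -deststorepass:env STOREPASS
    ) || return 1
    rm -f "$dir/keystore.p12"
  fi
}

# Constructed sample input: a throwaway self-signed pair standing in for the
# Let's Encrypt files, so the script can be tried offline.
make_sample_dir() {
  local dir; dir=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$dir/privkey.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  cp "$dir/cert.pem" "$dir/fullchain.pem"
  echo "$dir"
}

if [ "$#" -eq 2 ]; then build_keystore "$1" "$2"; fi
```

Run it as `script DIR PASSWORD` in the directory holding the four PEM files; keytool requires a password of at least six characters.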
Simply add the following connector element and make sure the keystore.jks is located in your example-server directory.
|
|
Run Jetty server
|
|
As soon as the server is started, you can enter the following URL in your browser: https://localhost:9443/example-server
You can test this in a nice way using openssl to see what the server returns when you try to access it on port 9443.
|
|
Finally, if you want mutual authentication for some reason, you also need to specify a trust store in which the server keeps the certificates of trusted clients. Extend the previous connector with the following information:
|
|
Now you have a web server up and running your web application with mutual authentication. The clients must provide a valid certificate in order to communicate with the server. Finally, I want to add one last element to our configuration. Since TLS/SSL can be quite horrible to troubleshoot, I add the following configuration, which gives a lot of nice output :)
|
|