I am currently using Jetty for http and want to open up https connectors now. I saw there is a keystore file that comes with Jetty installation under etc directory in jetty home. My understanding is that SSL certificates and keystores are something that users will create/generate and use for their servers.
Could somebody please hemp me understand -- What does this default keystore file that comes with Jetty installation contain and why will somebody ever need this?
Thanks!
The keystore file that Jetty comes with is a demonstration Keystore that is used by the demo webapps.
You are meant to create your own keystore from your own SSL certificates.
As for how to do this, see the documentation from the SSL CA (Certificate Authority) you purchased your certificates from, or from the Jetty documentation.
Related
I'm wondering why we need SSL certificate ? Because the moment we generate the keystore, it does the same functionality. It gives SSL platform.
May I know please why we need certificate and if it really needs then how it works (Certificate merged with keystore) when a third party sends a request to access web-server's website ?
To use the SSL certificate in a web server, you configure your web server software (Apache, NGINX, etc...) to read the certificate. Tutorials on this topic abound; here is a sample set of instructions from DigiCert, who sells SSL certificates: https://www.digicert.com/ssl-certificate-installation-ubuntu-server-with-apache2.htm
We are consuming xml from different datasources. Some are http and some are https. HTTPS with Verisign certificates are working without any issues. However, URLs with Deutsche Telekom Root certificate is not working. The web sphere application server is having the default root certificate which was generated while creating a WAS profile. Do I have to add any other special certificate to make Deutsche Telekom Root certificate work ? Any kind of help is much appreciated.
I don't think I know enough about your setup yet. So by default WebSphere creates it's own root certificate, nothing about it would trust a Verisign certificate. So I wonder about what you are using to make the https connection? It could be something that manages to bypass the WebSphere socket factories and you are actually using the JRE's default, and the cacerts file for trust. Verisign certs are in the cacerts file there are no Deutsche Telekom as far as I can tell.
Or was a Verisign certificate added to your WebSphere truststore at some time?
Typically you have establish trust to make WebSphere trust another server. Retrieving a certificate from a port is a good way to do that.
Alaine
Please, post the WAS version you use.
The reason you cannot setup the connection to ssl port is that WAS doesn't trust to the ssl certificate of the remote host.
You have to add the whole certificate chain of the remote host to the WAS truststore.
You can find the example of how to add the certificate by following link https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&cad=rja&uact=8&ved=0CE0QFjAHahUKEwiRy4zsztzGAhXCfHIKHVq-BfM&url=http%3A%2F%2Fwww.webspheretools.com%2Fsites%2Fwebspheretools.nsf%2Fdocs%2FBasic%2520SSL%2520terminalogy%2520and%2520Tips%2520for%2520WebSphere%2520Application%2520Server.Default%2520passwords%2520for%2520SSL%2520keyfile%2520and%2520Truststore.&ei=DwymVdGHDcL5yQPa_JaYDw&usg=AFQjCNE42W06AILWb99iYWiUp7EcbT92iw&sig2=KKYyvAsFET1Ae0fOLSl8zA&bvm=bv.97949915,d.bGQ
After changing ssl certificate authority from Thawte to DigiCert.
SSL certificate installation issue.
After installing new DigiCert ssl certificate in our server. It is still referring to old Thawte ssl certificate even though we removed old certificate from the server.
Looks like you have another vhost file using the old certificate , please remove that from your . Also make sure you properly restart apache after adding the new certificate .
To check your installation you can use the tool below
Thawte certificate checker
To see what certificate you are using, you can use the following tool Tool
This tool will allow you to check what certificate is installed on your server. Then, you can use the utility tool utility tool
You will be able to see all of the certs from your local machine or server. If you don't see the certificate there, you can import your certificate with that tool. If the utility tool mentions that your private key doesn't match, you will have to recreate the CSR with the utility tool and you will have to reissue your cert. If you reissue your cert, you will not invalidate the original request.
I am trying to prepare for the switch in the SSL certificate vendors.
For the the SSL validation, Our Tomcat web application uses a JKS file created from a DigiCert certificate ( *.cer files). Our company is now switching to VeriSign next week. Since they have already provided the new *.cer files, can I simply add the new cert ( using keytool) to the existing JKS so that it works for both certificates. I am trying to avoid any downtime during the switch and prepare the server beforehand?
Any helps will be much appreciated.
You must install the certificate onto the same keystore you created the CSR from as the private key resides there. Otherwise it will not work. Please reference the article below on instructions on how to import into a tomcat server:
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR234&actp=search&viewlocale=en_US&searchid=1369174910074
I have currently deployed a war file in my Jetty 8.x webapps container. I can start the Jetty server and connect to my server using HTTP. I want to be able to connect using HTTPS. What is the easiest way to enable HTTPS on Jetty 8.x? I am willing to use a self-signed certificate if necesssary.
I need the following:
steps to generate and import cert into Jetty (preferably using a self-signed cert)
configuration required in Jetty to support HTTPS / SSL
command line parameters to start Jetty with SSL enabled
Secondly, is anyone aware of how to turn Jetty 8.x so that it can be run as a Windows service?
For more details, I am running into problems enabling SSL on Jetty. I am trying to use a self signed cert for this purpose. I'm using keytool to create a keypair and self signed cert as follows:
keytool -genkey -alias domain -keyalg RSA -keysize 2048 -validity 365 -keystore keystore
I then copy the keystore to my c:\jetty\etc directory. I edit the file 'jetty-ssl.xml' to make sure that the HTTPS port is set to 8443. When I restart the Jetty server, it seems to be listening on port 8443 and the startup sequence doesn't return any errors. However, when I try to connect using HTTPS, I get errors. Is there a prescribed method for generating a self signed cert and using this cert in the SSL configuration with Jetty?
1) http://wiki.eclipse.org/Jetty/Howto/Configure_SSL
2) http://git.codehaus.org/gitweb.cgi?p=jetty-project.git;a=tree;f=jetty-win32;h=e296255dc355f3abf37bf3f4faddfe383505416c;hb=HEAD
You'll need to adapt that for you particular usage, we stopped building it with release quite a while back because its license changed and the version we were using was getting crufty. Alternately take a look at the updated version of the tanuki stuff and if you can handle the license use that.