| Feed Contents | |||
|---|---|---|---|
| Enable SSL in Jetty | by dizzzz | 5-12-2008 23:06 | |
| HowTos | by dizzzz | 31-12-2008 18:45 | |
Enable SSL in Jetty
It is not very difficult to enable HTTPS for eXist. Basically, the process of enabling SSL in Jetty consists of three steps:
- Edit the Jetty configuration
- Create SSL Certificates
- Read the additional notes
Edit the Jetty configuration
- Open EXIST_HOME/tools/jetty/etc/jetty.xml in your favourite text editor (jEdit?)
- Scroll down to line 69 and uncomment lines 74 - 93 (element "Call")
<Call name="addListener">
<Arg>
<New class="org.mortbay.http.SunJsseListener">
<Set name="Port">8443</Set>
<Set name="PoolName">P1</Set>
<Set name="MaxIdleTimeMs">30000</Set>
<Set name="lowResources">30</Set>
<Set name="LowResourcePersistTimeMs">2000</Set>
<Set name="Keystore">
<SystemProperty name="jetty.home"
default="."/>/etc/demokeystore</Set>
<Set name="Password">secret</Set>
<Set name="KeyPassword">secret</Set>
<Set name="HttpHandler">
<New class="org.mortbay.http.handler.MsieSslHandler">
<Set name="UserAgentSubString">MSIE 5</Set>
</New>
</Set>
</New>
</Arg>
</Call>
Create SSL Certificates
- Generate the SSL certificates with
./build.sh -f build/scripts/jarsigner.xml jetty-keygen
<!-- Generate FAKE CERTIFICATE for SSL -->
<target name="jetty-keygen" description="Generate keystore for jetty.">
<genkey alias="jetty" storepass="${keystore.password}"
keystore="tools/jetty/etc/demokeystore"
validity="${keystore.validity}">
<dname>
<param name="CN" value="eXist XML database"/>
<param name="OU" value="Anonymous"/>
<param name="O" value="exist-db.org"/>
<param name="C" value="DE"/>
</dname>
</genkey>
</target>
Additional notes
Now you are actually ready!
- Start the server with bin/startup.sh
- Point your browser to https://localhost:8443
Please note that only the HTTP traffic to port 8443 is encrypted. Other ports are still insecure. Check the console for the following log output:
05 Dec 2008 22:40:16,713 [main] INFO (Container.java [start]:74) - Started WebApplicationContext[/exist,eXist XML Database]
05 Dec 2008 22:40:16,719 [main] INFO (SocketListener.java [start]:205) - Started SocketListener on 0.0.0.0:8080
05 Dec 2008 22:40:16,720 [main] INFO (SunJsseListener.java [createFactory]:185) - jetty.ssl.keystore=/Users/drfoobar/eXist/tools/jetty/etc/demokeystore
05 Dec 2008 22:40:16,720 [main] INFO (SunJsseListener.java [createFactory]:189) - jetty.ssl.password=******
05 Dec 2008 22:40:16,720 [main] INFO (SunJsseListener.java [createFactory]:195) - jetty.ssl.keypassword=******
05 Dec 2008 22:40:16,720 [main] INFO (SunJsseListener.java [createFactory]:200) - jetty.ssl.keystore.type=jks
05 Dec 2008 22:40:16,721 [main] INFO (SunJsseListener.java [createFactory]:225) - jetty.ssl.keystore.provider.name=[DEFAULT]
05 Dec 2008 22:40:16,735 [main] INFO (SunJsseListener.java [createFactory]:248) - SSLServerSocketFactory=com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl@95575f
05 Dec 2008 22:40:16,945 [main] INFO (JsseListener.java [newServerSocket]:200) - JsseListener.needClientAuth=false
05 Dec 2008 22:40:16,946 [main] INFO (SocketListener.java [start]:205) - Started SocketListener on 0.0.0.0:8443
05 Dec 2008 22:40:16,946 [main] INFO (Container.java [start]:74) - Started org.mortbay.jetty.Server@eb41e5
-----------------------------------------------------
Server has started on port 8080.
Configured contexts:
http://localhost:8080/exist
-----------------------------------------------------
05 Dec 2008 22:40:28,891 [P1-9] INFO (Container.java [start]:74) - Started HttpContext[/,/]
If you have a 'real' X.509 certificate (free at e.g. Thawte), you might consider converting it into a Java KeyStore (JKS) using KeyTool IUI.
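An added example (not part of the original HowTo or of eXist's code): a small Python check that parses listener definitions like the one above and flags the demo defaults this page ships with, namely the `demokeystore` path, the `secret` passwords, and any listener that is not SSL. The embedded XML is a constructed sample modeled on the snippet above; `audit_listeners`, the `WEAK_PASSWORDS` list and the class-name heuristic are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modeled on the jetty.xml listener block above, plus a
# plain HTTP listener like the one the startup log reports on port 8080.
SAMPLE_JETTY_XML = """<Configure class="org.mortbay.jetty.Server">
  <Call name="addListener"><Arg>
    <New class="org.mortbay.http.SocketListener">
      <Set name="Port">8080</Set>
    </New>
  </Arg></Call>
  <Call name="addListener"><Arg>
    <New class="org.mortbay.http.SunJsseListener">
      <Set name="Port">8443</Set>
      <Set name="Keystore"><SystemProperty name="jetty.home"
          default="."/>/etc/demokeystore</Set>
      <Set name="Password">secret</Set>
      <Set name="KeyPassword">secret</Set>
    </New>
  </Arg></Call>
</Configure>"""

WEAK_PASSWORDS = {"", "secret", "changeit", "password"}  # assumed deny-list


def audit_listeners(xml_text):
    """Return (port, finding) tuples for every listener in a jetty.xml text."""
    findings = []
    for new in ET.fromstring(xml_text).iter("New"):
        cls = new.get("class", "")
        if not cls.endswith("Listener"):
            continue  # skip handlers and other nested objects
        # itertext() also returns the text that follows a nested <SystemProperty/>
        props = {s.get("name"): "".join(s.itertext()).strip()
                 for s in new.findall("Set")}
        port = props.get("Port", "?")
        if "Jsse" not in cls:  # assumption: SSL listeners carry "Jsse" in the class name
            findings.append((port, "plaintext listener: traffic is not encrypted"))
            continue
        if "demokeystore" in props.get("Keystore", ""):
            findings.append((port, "demo keystore with generated test certificate"))
        for key in ("Password", "KeyPassword"):
            if key in props and props[key].lower() in WEAK_PASSWORDS:
                findings.append((port, key + " is a default or guessable value"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_listeners(SAMPLE_JETTY_XML):
        print("port %s: %s" % (port, finding))
```

Run against the sample, it reports the plain listener on 8080 and three findings for 8443; replacing the keystore and both passwords leaves only the 8080 finding.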
HowTos
| SQL Databases | Querying SQL Databases from XQuery (SQLModule) | |
|---|---|---|
| XSLT 2 | Upgrading eXist for XSLT 2.0 (Saxon) | |
| Troubleshooting | Some help for common issues | |
| JettySSL | Enabling SSL in Jetty | |
| Oxygen | Accessing eXist-db 1.3/trunk from the OxygenXML editor | |
