
Installing Comodo PositiveSSL on Jetty

Christian Grobmeier
·
Nov. 18, 12 · Interview

I usually buy Comodo certificates from PSW.net. It was always a pain to get them running because the information found on Comodo’s website is extremely outdated. As painful as it is, their certificates are pretty cheap. That said, this is probably the last time I’ll use them because it took me way too much time. If you are in pain too, here is some help.

First, if you are looking for UTNAddTrustServerCA.crt, which is described here, I have some news for you. Almost hidden, I found the new necessary hierarchy. It shows clearly that this file is no longer necessary, even though Comodo’s websites state that it is. Once you know that, everything is much easier.

Let’s start. Create a new certificate signing request (CSR).

openssl req -new -nodes -keyout jetty.key -out jetty.csr -newkey rsa:4096
openssl req -new -x509 -key jetty.key -out jetty.cr

Order a new certificate from PSW and wait until you receive it. You need to authenticate the first time.

Download AddTrustExternalRoot and PositiveSSL CA2 from Comodo’s website. From PSW you’ll get another ZIP file with your certificate. Put them all into one directory and create a cert chain.

cat www_yourdomain_de.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > cert-chain.txt

For Jetty and the Java keystore you’ll need to create a PKCS12 file. It’s done like this:

openssl pkcs12 -export -inkey jetty.key -in cert-chain.txt -out jetty.pkcs12

Upload this magic to your server (using SSH of course) and import it to your keystore.

keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore mykeystore

Now that this is done, you just need to tell Jetty to use this keystore. I used this configuration in /etc/jetty.xml.

<Call name="addConnector">
<Arg>
   <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
   <Arg>
      <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
         <Set name="keyStore">/path/to/mykeystore</Set>
         <Set name="keyStorePassword">OBF:encryptedpass</Set>
         <Set name="keyManagerPassword">OBF:encryptedpass</Set>
         <Set name="trustStorePassword">OBF:encryptedpass</Set>
      </New>
   </Arg>
   <Set name="port">8443</Set>
   <Set name="maxIdleTime">30000</Set>
   </New>
</Arg>
</Call>

On restart, your keystore should be used. Don’t forget to create Virtual Host names in your context.
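
The two things that most often go wrong between the cat step and the pkcs12 export are a private key that does not belong to the certificate and a chain file in the wrong order. The script below is an added example, not part of the original post: the function names are illustrative, and the demo chain is a constructed throwaway root/intermediate/leaf set rather than real Comodo files.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks to run on jetty.key
# and cert-chain.txt before the pkcs12 export. Function names are illustrative.

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {  # usage: key_matches_cert jetty.key www_yourdomain_de.crt
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if each certificate in the bundle was issued by the one after
# it (leaf first, root last), the order the cat command above is meant to produce.
chain_in_order() {  # usage: chain_in_order cert-chain.txt
    d=$(mktemp -d) || return 1
    awk -v d="$d" '/BEGIN CERTIFICATE/{n++} n{print > (d "/" n ".pem")}' "$1"
    i=1; rc=0
    [ -f "$d/1.pem" ] || rc=1   # no certificate found at all
    while [ -f "$d/$((i + 1)).pem" ]; do
        iss=$(openssl x509 -in "$d/$i.pem" -noout -issuer_hash 2>/dev/null)
        sub=$(openssl x509 -in "$d/$((i + 1)).pem" -noout -subject_hash 2>/dev/null)
        if [ -z "$iss" ] || [ "$iss" != "$sub" ]; then
            echo "certificate $i was not issued by certificate $((i + 1))" >&2; rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$d"
    return "$rc"
}

# Constructed sample input: a throwaway root -> intermediate -> leaf chain in $1.
make_demo_chain() {
    ( cd "$1" || exit 1
      for n in root inter leaf; do
          openssl req -new -nodes -newkey rsa:2048 -keyout "$n.key" \
              -out "$n.csr" -subj "/CN=demo $n" 2>/dev/null || exit 1
      done
      openssl x509 -req -in root.csr -signkey root.key -out root.crt 2>/dev/null
      openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key \
          -CAcreateserial -out inter.crt 2>/dev/null
      openssl x509 -req -in leaf.csr -CA inter.crt -CAkey inter.key \
          -CAcreateserial -out leaf.crt 2>/dev/null
      cat leaf.crt inter.crt root.crt > cert-chain.txt   # correct order
      cat leaf.crt root.crt inter.crt > wrong-order.txt ) # intermediate misplaced
}

demo=$(mktemp -d) && make_demo_chain "$demo"
key_matches_cert "$demo/leaf.key" "$demo/leaf.crt" && echo "key matches leaf certificate"
chain_in_order "$demo/cert-chain.txt" && echo "cert-chain.txt is in order"
chain_in_order "$demo/wrong-order.txt" || echo "wrong-order.txt rejected"
```

With real files, call key_matches_cert jetty.key www_yourdomain_de.crt and chain_in_order cert-chain.txt before running the export.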

That said, my pain with Comodo clearly has nothing to do with PSW.net. They are a reseller, and so far I have had great experiences with them. Check them out if you are in need of something SSL-related. They work internationally, to my knowledge.

Two more references: Jetty How-To SSL and Oracle Keytool.





Published at DZone with permission of Christian Grobmeier, DZone MVB. See the original article here.
