documentation/9.4.x/jetty-ssl-distribution.html - www.eclipse.org/jetty - Git at Google

 <html><head>
       <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>SSL in the Jetty Distribution</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="configuring-connectors.html" title="Chapter&nbsp;6.&nbsp;Configuring Jetty Connectors"><link rel="prev" href="configuring-ssl.html" title="Configuring SSL/TLS"><link rel="next" href="configuring-security.html" title="Chapter&nbsp;7.&nbsp;Configuring Security"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
       hljs.initHighlightingOnLoad();
     </script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
             Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SSL in the Jetty Distribution</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="configuring-ssl.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><th width="60%" align="center">Chapter&nbsp;6.&nbsp;Configuring Jetty Connectors<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right">&nbsp;<a accesskey="n" href="configuring-security.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
           <span class="website">www.webtide.com</span></a></h5><p>
  private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
  scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
       </p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="jetty-ssl-distribution"></a>SSL in the Jetty Distribution</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="jetty-ssl-distribution.html#_default_jsse_ssl_configuration">Default JSSE SSL Configuration</a></span></dt><dt><span class="section"><a href="jetty-ssl-distribution.html#jetty-conscrypt-distribution">Conscrypt SSL Configuration</a></span></dt><dt><span class="section"><a href="jetty-ssl-distribution.html#client-certificate-authentication">Client Certificate Authentication</a></span></dt></dl></div><p>When making use of the Jetty Distribution, enabling SSL support is as easy as activating the appropriate module.
 Jetty supports both the default <a class="link" href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html" target="_top">JSSE</a>
 provider and the <a class="link" href="https://github.com/google/conscrypt/" target="_top">Conscrypt</a> provider as SSL implementations.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_default_jsse_ssl_configuration"></a>Default JSSE SSL Configuration</h3></div></div></div><p>For the default SSL support, simply activate the <code class="literal">ssl</code> <a class="link" href="startup-modules.html" title="Managing Startup Modules">module</a>:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>$ cd /path/to/mybase
 $ java -jar ${JETTY_HOME}/start.jar --add-to-startd=ssl
 INFO : server          initialised (transitively) in ${jetty.base}/start.d/server.ini
 INFO : ssl             initialised in ${jetty.base}/start.d/ssl.ini
 INFO : Base directory was modified
 $ tree
 .
 &#9500;&#9472;&#9472; etc
 &#9474;&nbsp;&nbsp; &#9492;&#9472;&#9472; keystore
 &#9492;&#9472;&#9472; start.d
     &#9500;&#9472;&#9472; server.ini
     &#9492;&#9472;&#9472; ssl.ini</code></pre><p>When you open <code class="literal">start.d/ssl.ini</code>, you will see several commented properties ready for use when configuring <code class="literal">SslContextFactory</code> basics.</p><p>To highlight some of the more commonly used properties:</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">jetty.ssl.host</span></dt><dd>Configures which interfaces the SSL/TLS Connector should listen on.</dd><dt><span class="term">jetty.ssl.port</span></dt><dd>Configures which port the SSL/TLS Connector should listen on.</dd><dt><span class="term">jetty.httpConfig.securePort</span></dt><dd>If a webapp needs to redirect to a secure version of the same resource, then this is the port reported back on the response <code class="literal">location</code> line (having this be separate is useful if you have something sitting in front of Jetty, such as a Load Balancer or proxy).</dd><dt><span class="term">jetty.sslContext.keyStorePath</span></dt><dd>Sets the location of the <code class="literal">keystore</code> that you configured with your certificates.</dd><dt><span class="term">jetty.sslContext.keyStorePassword</span></dt><dd>Sets the Password for the <code class="literal">keystore</code>.</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="jetty-conscrypt-distribution"></a>Conscrypt SSL Configuration</h3></div></div></div><p>Enabling Conscrypt SSL is just as easy as default SSL - enable both the <code class="literal">conscrypt</code> and <code class="literal">ssl</code> <a class="link" href="startup-modules.html" title="Managing Startup Modules">modules</a>:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>$ cd ${JETTY_HOME}
 $ java -jar ../start.jar --add-to-start=ssl,conscrypt

 ALERT: There are enabled module(s) with licenses.
 The following 1 module(s):
  + contains software not provided by the Eclipse Foundation!
  + contains software not covered by the Eclipse Public License!
  + has not been audited for compliance with its license

  Module: conscrypt
   + Conscrypt is distributed under the Apache Licence 2.0
   + https://github.com/google/conscrypt/blob/master/LICENSE

 Proceed (y/N)? y
 INFO  : server          transitively enabled, ini template available with --add-to-start=server
 INFO  : conscrypt       initialized in ${jetty.base}/start.d/conscrypt.ini
 INFO  : ssl             initialized in ${jetty.base}/start.d/ssl.ini
 MKDIR : ${jetty.base}/lib/conscrypt
 DOWNLD: https://repo1.maven.org/maven2/org/conscrypt/conscrypt-openjdk-uber/1.0.0.RC11/conscrypt-openjdk-uber-1.0.0.RC11.jar to ${jetty.base}/lib/conscrypt/conscrypt-uber-1.0.0.RC11.jar
 MKDIR : ${jetty.base}/etc
 COPY  : ${jetty.home}/modules/conscrypt/conscrypt.xml to ${jetty.base}/etc/conscrypt.xml
 COPY  : ${jetty.home}/modules/ssl/keystore to ${jetty.base}/etc/keystore
 INFO  : Base directory was modified</code></pre><p>No additional Conscrypt configuration is needed.
 SSL-specific parameters, like <code class="literal">keyStorePath</code> and <code class="literal">keyStorePassword</code> can still configured as in the example above, making use of the <code class="literal">${JETTY_BASE}/start.d/ssl.ini</code> file.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="client-certificate-authentication"></a>Client Certificate Authentication</h3></div></div></div><p>To enable client certificate authentication in the Jetty Distribution, you need to enable the both the <code class="literal">ssl</code> and <code class="literal">https</code> modules.</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>$ cd /path/to/mybase
 $ java -jar /path/to/jetty-dist/start.jar --add-to-startd=ssl,https</code></pre><p><b>$JETTY_BASE/start.d/ssl.ini.&nbsp;</b>
 </p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code># Module: ssl
 --module=ssl

 jetty.ssl.host=0.0.0.0
 jetty.ssl.port=8583
 jetty.sslContext.keyStorePath=etc/keystore
 jetty.sslContext.trustStorePath=etc/truststore
 jetty.sslContext.keyStorePassword=OBF:
 jetty.sslContext.keyManagerPassword=OBF:
 jetty.sslContext.trustStorePassword=OBF:
 # Enable client certificate authentication.
 jetty.sslContext.needClientAuth=true</code></pre><p>
 </p><p><b>$JETTY_BASE/start.d/https.ini.&nbsp;</b>
 </p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code># Module: https
 --module=https</code></pre><p>
 </p></div></div><script type="text/javascript">
       SyntaxHighlighter.all()
     </script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="configuring-ssl.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a>&nbsp;</td><td width="20%" align="center"><a accesskey="u" href="configuring-connectors.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right">&nbsp;<a accesskey="n" href="configuring-security.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Configuring SSL/TLS&nbsp;</td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top">&nbsp;Chapter&nbsp;7.&nbsp;Configuring Security</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
             See an error or something missing?
             <span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
                 <span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>
	<html><head>
	<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
	<title>SSL in the Jetty Distribution</title><link rel="stylesheet" type="text/css" href="css/docbook.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><meta name="keywords" content="jetty, servlet, servlet-api, cometd, http, websocket, eclipse, maven, java, server, software"><link rel="home" href="index.html" title="Jetty"><link rel="up" href="configuring-connectors.html" title="Chapter 6. Configuring Jetty Connectors"><link rel="prev" href="configuring-ssl.html" title="Configuring SSL/TLS"><link rel="next" href="configuring-security.html" title="Chapter 7. Configuring Security"><link xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" rel="shortcut icon" href="images/favicon.ico"><link rel="stylesheet" href="css/highlighter/foundation.css"><script src="js/highlight.pack.js"></script><script>
	hljs.initHighlightingOnLoad();
	</script><link type="text/css" rel="stylesheet" href="css/font-awesome/font-awesome.min.css"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><table xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><tr><td style="width: 25%"><a href="http://www.eclipse.org/jetty"><img src="images/jetty-header-logo.png" alt="Jetty Logo"></a><br><span style="font-size: small">
	Version: 9.4.28-SNAPSHOT</span></td><td style="width: 50%"></td></tr></table><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">SSL in the Jetty Distribution</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="configuring-ssl.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><th width="60%" align="center">Chapter 6. Configuring Jetty Connectors<br><a accesskey="p" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></th><td width="20%" align="right"> <a accesskey="n" href="configuring-security.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr></table><hr></div><div xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times" class="jetty-callout"><h5 class="callout"><a href="http://www.webtide.com/">Contact the core Jetty developers at
	<span class="website">www.webtide.com</span></a></h5><p>
	private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ...
	scalability guidance for your apps and Ajax/Comet projects ... development services for sponsored feature development
	</p></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="jetty-ssl-distribution"></a>SSL in the Jetty Distribution</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="section"><a href="jetty-ssl-distribution.html#_default_jsse_ssl_configuration">Default JSSE SSL Configuration</a></span></dt><dt><span class="section"><a href="jetty-ssl-distribution.html#jetty-conscrypt-distribution">Conscrypt SSL Configuration</a></span></dt><dt><span class="section"><a href="jetty-ssl-distribution.html#client-certificate-authentication">Client Certificate Authentication</a></span></dt></dl></div><p>When making use of the Jetty Distribution, enabling SSL support is as easy as activating the appropriate module.
	Jetty supports both the default <a class="link" href="https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html" target="_top">JSSE</a>
	provider and the <a class="link" href="https://github.com/google/conscrypt/" target="_top">Conscrypt</a> provider as SSL implementations.</p><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_default_jsse_ssl_configuration"></a>Default JSSE SSL Configuration</h3></div></div></div><p>For the default SSL support, simply activate the <code class="literal">ssl</code> <a class="link" href="startup-modules.html" title="Managing Startup Modules">module</a>:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>$ cd /path/to/mybase
	$ java -jar ${JETTY_HOME}/start.jar --add-to-startd=ssl
	INFO : server initialised (transitively) in ${jetty.base}/start.d/server.ini
	INFO : ssl initialised in ${jetty.base}/start.d/ssl.ini
	INFO : Base directory was modified
	$ tree
	.
	├── etc
	│   └── keystore
	└── start.d
	├── server.ini
	└── ssl.ini</code></pre><p>When you open <code class="literal">start.d/ssl.ini</code>, you will see several commented properties ready for use when configuring <code class="literal">SslContextFactory</code> basics.</p><p>To highlight some of the more commonly used properties:</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">jetty.ssl.host</span></dt><dd>Configures which interfaces the SSL/TLS Connector should listen on.</dd><dt><span class="term">jetty.ssl.port</span></dt><dd>Configures which port the SSL/TLS Connector should listen on.</dd><dt><span class="term">jetty.httpConfig.securePort</span></dt><dd>If a webapp needs to redirect to a secure version of the same resource, then this is the port reported back on the response <code class="literal">location</code> line (having this be separate is useful if you have something sitting in front of Jetty, such as a Load Balancer or proxy).</dd><dt><span class="term">jetty.sslContext.keyStorePath</span></dt><dd>Sets the location of the <code class="literal">keystore</code> that you configured with your certificates.</dd><dt><span class="term">jetty.sslContext.keyStorePassword</span></dt><dd>Sets the Password for the <code class="literal">keystore</code>.</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="jetty-conscrypt-distribution"></a>Conscrypt SSL Configuration</h3></div></div></div><p>Enabling Conscrypt SSL is just as easy as default SSL - enable both the <code class="literal">conscrypt</code> and <code class="literal">ssl</code> <a class="link" href="startup-modules.html" title="Managing Startup Modules">modules</a>:</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>$ cd ${JETTY_HOME}
	$ java -jar ../start.jar --add-to-start=ssl,conscrypt

	ALERT: There are enabled module(s) with licenses.
	The following 1 module(s):
	+ contains software not provided by the Eclipse Foundation!
	+ contains software not covered by the Eclipse Public License!
	+ has not been audited for compliance with its license

	Module: conscrypt
	+ Conscrypt is distributed under the Apache Licence 2.0
	+ https://github.com/google/conscrypt/blob/master/LICENSE

	Proceed (y/N)? y
	INFO : server transitively enabled, ini template available with --add-to-start=server
	INFO : conscrypt initialized in ${jetty.base}/start.d/conscrypt.ini
	INFO : ssl initialized in ${jetty.base}/start.d/ssl.ini
	MKDIR : ${jetty.base}/lib/conscrypt
	DOWNLD: https://repo1.maven.org/maven2/org/conscrypt/conscrypt-openjdk-uber/1.0.0.RC11/conscrypt-openjdk-uber-1.0.0.RC11.jar to ${jetty.base}/lib/conscrypt/conscrypt-uber-1.0.0.RC11.jar
	MKDIR : ${jetty.base}/etc
	COPY : ${jetty.home}/modules/conscrypt/conscrypt.xml to ${jetty.base}/etc/conscrypt.xml
	COPY : ${jetty.home}/modules/ssl/keystore to ${jetty.base}/etc/keystore
	INFO : Base directory was modified</code></pre><p>No additional Conscrypt configuration is needed.
	SSL-specific parameters, like <code class="literal">keyStorePath</code> and <code class="literal">keyStorePassword</code> can still configured as in the example above, making use of the <code class="literal">${JETTY_BASE}/start.d/ssl.ini</code> file.</p></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="client-certificate-authentication"></a>Client Certificate Authentication</h3></div></div></div><p>To enable client certificate authentication in the Jetty Distribution, you need to enable the both the <code class="literal">ssl</code> and <code class="literal">https</code> modules.</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code>$ cd /path/to/mybase
	$ java -jar /path/to/jetty-dist/start.jar --add-to-startd=ssl,https</code></pre><p><b>$JETTY_BASE/start.d/ssl.ini. </b>
	</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code># Module: ssl
	--module=ssl

	jetty.ssl.host=0.0.0.0
	jetty.ssl.port=8583
	jetty.sslContext.keyStorePath=etc/keystore
	jetty.sslContext.trustStorePath=etc/truststore
	jetty.sslContext.keyStorePassword=OBF:
	jetty.sslContext.keyManagerPassword=OBF:
	jetty.sslContext.trustStorePassword=OBF:
	# Enable client certificate authentication.
	jetty.sslContext.needClientAuth=true</code></pre><p>
	</p><p><b>$JETTY_BASE/start.d/https.ini. </b>
	</p><pre xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><code># Module: https
	--module=https</code></pre><p>
	</p></div></div><script type="text/javascript">
	SyntaxHighlighter.all()
	</script><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="configuring-ssl.html"><i class="fa fa-chevron-left" aria-hidden="true"></i> Previous</a> </td><td width="20%" align="center"><a accesskey="u" href="configuring-connectors.html"><i class="fa fa-chevron-up" aria-hidden="true"></i> Top</a></td><td width="40%" align="right"> <a accesskey="n" href="configuring-security.html">Next <i class="fa fa-chevron-right" aria-hidden="true"></i></a></td></tr><tr><td width="40%" align="left" valign="top">Configuring SSL/TLS </td><td width="20%" align="center"><a accesskey="h" href="index.html"><i class="fa fa-home" aria-hidden="true"></i> Home</a></td><td width="40%" align="right" valign="top"> Chapter 7. Configuring Security</td></tr></table></div><p xmlns:jfetch="java:org.eclipse.jetty.xslt.tools.JavaSourceFetchExtension" xmlns:fetch="java:org.eclipse.jetty.xslt.tools.SourceFetchExtension" xmlns:d="http://docbook.org/ns/docbook" xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0" xmlns:xslthl="http://xslthl.sf.net" xmlns:gcse="http://www.google.com" xmlns:date="http://exslt.org/dates-and-times"><div class="jetty-callout">
	See an error or something missing?
	<span class="callout"><a href="http://github.com/eclipse/jetty.project">Contribute to this documentation at
	<span class="website"><i class="fa fa-github" aria-hidden="true"></i> Github!</span></a></span><span style="float: right"><i>(Generated: 2020-03-10)</i></span></div></p></body></html>