Posted to scm@geronimo.apache.org by sc...@geronimo.apache.org on 2004/11/13 20:19:23 UTC

[Apache Geronimo Wiki] Updated: JettySSL

   Date: 2004-11-13T11:19:23
   Editor: JeremyBoynes <jb...@apache.org>
   Wiki: Apache Geronimo Wiki
   Page: JettySSL
   URL: http://wiki.apache.org/geronimo/JettySSL

   no comment

Change Log:

------------------------------------------------------------------------------
@@ -2,15 +2,20 @@
 
 By default (as of 2004-10-08) Geronimo runs http protocol but not https.  I haven't entirely figured out how to get it to run https yet, but here are some notes that might help you.
 
-The first step is to set up a "keystore" that contains a digital certificate.  The server uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ below that talk about how to do this.  Geronimo expects the keystore to be in `~/.keystore` by default (at least on unix systems).
-
-To enable SSL add this to your web app's `geronimo-jetty.xml` deployment descriptor (for more info on `geronimo-jetty.xml` see ["Deployment"]):
+The first step is to set up a "keystore" that contains a digital certificate.  The server uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ below that talk about how to do this.
+  
+To enable SSL add this to your web app's `geronimo-jetty.xml` deployment plan (for more info on `geronimo-jetty.xml` see ["Deployment"]):
  {{{
-<gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" 
-       class="org.apache.geronimo.jetty.connector.HTTPSConnector">
-    <attribute name="port" type="int">8443</attribute>
-    <reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
-</gbean>
+<gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
+        <reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
+        <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference>
+        <attribute name="port" type="int">8443</attribute>
+        <attribute name="keystore" type="java.lang.String">var/security/ssl-keystore</attribute>
+        <attribute name="password" type="java.lang.String">changeit</attribute>
+        <attribute name="keystoreType" type="java.lang.String">JKS</attribute>
+        <attribute name="useDefaultTrustStore" type="boolean">false</attribute>
+        <attribute name="needClientAuth" type="boolean">false</attribute>
+    </gbean>
 }}}
 
 This is a cut-n-paste from `geronimo/modules/assembly/src/plan/j2ee-server-plan.xml` as suggested by Jeremy in the link below.
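Review bot: the added `password` attribute carries the literal `changeit` and nothing around the block says it is a placeholder, so anyone who cuts and pastes this plan ends up with the keystore password in clear text in the deployment plan. Suggest adding a sentence after the block telling readers to set their own keystore password and to restrict read access to both the plan and the keystore file. The rewritten first paragraph also drops the `~/.keystore` note without saying what the relative path `var/security/ssl-keystore` is resolved against; one sentence on that would help (presumably it is tied to the new `ServerInfo` reference, but the page does not say). It would also be worth a line on what `needClientAuth` and `useDefaultTrustStore` control, since both are set to `false` without explanation. Minor: the closing `</gbean>` is indented four spaces while the opening tag starts at column zero.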
@@ -40,16 +45,6 @@
 === Status ===
 
 At the moment the server starts, and is listening on port 8443, and it appears to be running https, but I appear to have botched my certificate generation so I can't establish a connection.  The browser tells me that the certificate is invalid or corrupt.  If your certificate-fu is more powerful than mine you'll probably have no problems.
-
-=== Wishlist ===
-
-It would be nice to be able to specify the passwords and the keystore location in the deployment descriptor.  At the moment it looks as if `org.apache.geronimo.jetty.connector.JettyConnector` isn't set up to allow this:
- {{{
-        GBeanInfoFactory infoFactory = new GBeanInfoFactory("Jetty HTTP Connector", JettyConnector.class);
-        infoFactory.addAttribute("port", int.class, true);
-        infoFactory.addReference("JettyContainer", JettyContainer.class);
-        GBEAN_INFO = infoFactory.getBeanInfo();
-}}}
 
 == References ==
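Review bot: removing the Wishlist section leaves the page with no statement that the keystore location and password can now be set in the plan, and the Status paragraph kept just above the removal still describes a setup where no connection can be established. Suggest replacing the removed section with a short line saying that `keystore`, `password` and `keystoreType` are now attributes of the `HTTPSConnector` gbean, and revisiting Status once a connection with a valid certificate has been confirmed. The change message "no comment" also gives no reason for the removal, so the page is the only place a reader could learn why the wishlist went away.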