Today we need to change the SSL certificate on Jetty. The certificate issuer is GoDaddy. Download the certificate and unzip it. You have the gd_bundle and the certificate for your server, and also the key file.
gd_bundle.crt
site-name.crt
site-name.key
We have a key and certificates in separate files and need to combine them into a PKCS12 format file to load into a new keystore.
#openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in site-name.crt -inkey site-name.key -out site-name.pkcs12
Enter the key (password) when prompted. If you receive this error:
140112389822280:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
140112389822280:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS12
Check your command: you have forgotten the '-export' command-line parameter.
Download Jetty 6.1.26 and run its PKCS12Import tool to convert the PKCS12 file into a Java keystore:
#wget http://dist.codehaus.org/jetty/jetty-6.1.26/jetty-6.1.26.zip
#unzip -j jetty-6.1.26.zip jetty-6.1.26/lib/jetty-6.1.26.jar
#java -cp jetty-6.1.26.jar org.mortbay.jetty.security.PKCS12Import site-name.pkcs12 keystore.jks
Enter the key (password) when prompted, then move your keystore.jks to ../jetty/etc/
Edit ../jetty/etc/jetty-https.xml
If you want to obfuscate the keystore password:
[root@server lib]# java -cp jetty-util-9.0.0.M1.jar org.eclipse.jetty.util.security.Password user qwerty
qwerty
OBF:1zef1zlu1vn61vnw1zlo1zev
MD5:d8578edf8458ce06fbc5bb76a58c5ca4
CRYPT:usK11VZXxNKiU
[root@server lib]#
(where the username is user and the password/key is qwerty).
Insert your passphrases in their OBF: form into ../jetty/etc/jetty-https.xml
./jetty.sh restart
Works like a charm.
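The OBF: form is a reversible encoding, not encryption, so jetty-https.xml still needs the same file permissions as a file holding the plain password. The Python below is an added example (not from the original post and not Jetty's own code) that reimplements the ASCII case of the OBF encoding and checks it against the qwerty output shown above; the function names are made up for this example.

```python
# Added example: Jetty's OBF: encoding for ASCII passwords, reimplemented
# in Python to show that it can be reversed without any key.
import hashlib

DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"


def _base36(n: int) -> str:
    """Render a non-negative integer in lowercase base 36."""
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out or "0"


def obfuscate(password: str) -> str:
    """Encode an ASCII password into the OBF: form the Password tool prints."""
    b = password.encode("ascii")  # assumption: ASCII only, other input is out of scope
    chunks = []
    for i, b1 in enumerate(b):
        b2 = b[len(b) - 1 - i]  # byte mirrored from the other end of the password
        i1 = 127 + b1 + b2
        i2 = 127 + b1 - b2
        chunks.append(_base36(i1 * 256 + i2).rjust(4, "0"))
    return "OBF:" + "".join(chunks)


def deobfuscate(value: str) -> str:
    """Recover the password from an OBF: string; no key or secret is needed."""
    body = value[4:] if value.startswith("OBF:") else value
    if len(body) % 4:
        raise ValueError("OBF body must be a multiple of 4 characters")
    out = bytearray()
    for pos in range(0, len(body), 4):
        i1, i2 = divmod(int(body[pos:pos + 4], 36), 256)
        out.append((i1 + i2 - 254) // 2)  # i1 + i2 - 254 == 2 * b1
    return out.decode("ascii")


def md5_line(password: str) -> str:
    """The MD5: line, by contrast, is a one-way digest of the password."""
    return "MD5:" + hashlib.md5(password.encode("ascii")).hexdigest()


if __name__ == "__main__":
    sample = "OBF:1zef1zlu1vn61vnw1zlo1zev"  # value printed in the post
    print(deobfuscate(sample), obfuscate("qwerty") == sample, md5_line("qwerty"))
```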