The following part deals with the installation of an SSL certificate for jetty.
1) Create a keystore
keytool -genkey -alias my-cert -keyalg RSA -keystore .mykeystore
When creating a certificate, you must specify keystorePassword and keyPassword
2) Create a certificate request, CSR (into the file cert.csr)
keytool -certreq -alias my-cert -file cert.csr -keystore .mykeystore
3) Send the CSR to Verisign (or some other company); in response you must get a cert.crt.
The following URL can be used for testing
https://www.thawte.com/cgi/server/test.exe
4) Convert cert.crt from PEM to DER (cert.der). You can use openssl to convert it:
openssl x509 -in cert.crt -out cert.der -outform DER
5) Import the certificate into the keystore:
keytool -import -alias my-cert -file cert.der -keystore .mykeystore
6) Edit jetty.xml:
<Call name="addListener">
  <Arg>
    <New class="org.mortbay.http.SunJsseListener">
      <Set name="Port">8443</Set>
      <Set name="MinThreads">5</Set>
      <Set name="MaxThreads">100</Set>
      <Set name="MaxIdleTimeMs">30000</Set>
      <Set name="LowResourcePersistTimeMs">2000</Set>
      <Set name="Keystore"><SystemProperty name="jetty.home" default="."/>.mykeystore</Set>
      <Set name="PoolName">Listener</Set>
      <Set name="Password">keystorePassword</Set>
      <Set name="KeyPassword">keyPassword</Set>
    </New>
  </Arg>
</Call>
7) Change the protocol and port for siteURL in trackstudio.properties.
# URL of your site. Host name and port should be correct.
# We use this address in e-mail notification messages.
trackstudio.siteURL https://localhost:8443/TrackStudio
8) Launch jetty.
9) Open https://localhost:8443/TrackStudio
To create a self-signed certificate, do the following:
1) Create Certificate Authority. To do that, run
perl ./CA.pl -newca
or
./CA -newca
2) Create a certificate request:
keytool -certreq -alias my-cert -file cert.csr -keystore .mykeystore
3) Create a certificate
openssl ca -config /usr/share/ssl/openssl.cnf -out cert.crt -infiles cert.csr
4) Verify the certificate:
openssl verify -CAfile ./demoCA/cacert.pem cert.crt
5) Convert the certificate from PEM to DER:
openssl x509 -in cert.crt -out cert.der -outform DER
6) Import cert.der into the keystore.
Please note that some functionality (Excel reports, "Save target as..." for file downloads, etc.) will not work with the demo certificate under MS Internet Explorer. Use a certificate from a certification authority (like Verisign) to solve this issue.
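Before the import step in either procedure above, the certificate that came back can be checked against the CSR, and cert.der against cert.crt. The script below is an added example, not part of the original instructions; the function names and the throwaway sample it generates are assumptions, the file names are the ones used above.

```shell
#!/bin/sh
# Added example: pre-import checks for cert.crt / cert.der.
# Function names are hypothetical; file names follow the steps above.

# Succeeds only if the certificate carries the same public key as the CSR,
# i.e. the reply belongs to the key pair that produced cert.csr.
cert_matches_csr() {  # usage: cert_matches_csr cert.csr cert.crt
    csr_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$csr_key" ] && [ "$csr_key" = "$crt_key" ]
}

# Succeeds only if the DER file is the same certificate as the PEM file
# (identical SHA-256 fingerprint), so the wrong file is not imported.
der_matches_pem() {  # usage: der_matches_pem cert.crt cert.der
    pem_fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) || return 2
    der_fp=$(openssl x509 -in "$2" -inform DER -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ -n "$pem_fp" ] && [ "$pem_fp" = "$der_fp" ]
}

# Constructed sample input: a throwaway key, CSR and self-signed certificate
# written to directory $1, standing in for the keystore's CSR and the reply.
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1/key.pem" -out "$1/cert.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/cert.csr" -signkey "$1/key.pem" -days 1 \
        -out "$1/cert.crt" 2>/dev/null &&
    openssl x509 -in "$1/cert.crt" -out "$1/cert.der" -outform DER
}

# Stand-alone run on the constructed sample.
d=$(mktemp -d) && make_sample "$d" &&
    cert_matches_csr "$d/cert.csr" "$d/cert.crt" &&
    der_matches_pem "$d/cert.crt" "$d/cert.der" &&
    echo "checks passed: cert.der can be imported"
rm -rf "$d"
```

With real files, run the two check functions on cert.csr, cert.crt and cert.der from the working directory and import only if both succeed.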