Web

TLS Cert and Key for jetty

Markus Kolb

1 min read
TLS Cert and Key for jetty

Today with jetty 9.4.34 and you'd like to use the default keystore password storepwd and default private key password keypwd, so that you don't have to modify the config, and you have cert/key in common PEM format...

tmpcert="/tmp/certkey$RANDOM.pkcs12" ; \
openssl pkcs12 -export -inkey "key.pem" \
        -in "cert.pem" \
        -passout "pass:storepwd" \
        -out "$tmpcert" \
&& \
keytool -importkeystore \
        -srckeystore "$tmpcert" -srcstoretype PKCS12 \
        -srcstorepass storepwd \
        -destkeystore "$JETTY_BASE/etc/keystore" -deststoretype JKS \
        -deststorepass storepwd \
        -destkeypass keypwd ; \
rm "$tmpcert"

That's all you need to import to provide SSL functionality

Because of JKS there is the

Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using ...

But it is the only possibility to set a different keypass like keypwd for key and storepwd for keystore.
For pkcs12 storetype this distinction is impossible (at least with keytool, there is an error on execution).

For the rest (like config modifications for own passwords, and generating own passwords) the documentation at https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html is ok.