TLS Cert and Key for jetty
As of today, with Jetty 9.4.34: if you'd like to use the default keystore password storepwd and the default private key password keypwd, so that you don't have to modify the config, and you have the cert/key in common PEM format, run:
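    # Bundle key.pem and cert.pem into a temporary PKCS12 file, import that
    # into Jetty's JKS keystore, then delete the temporary file.
    # mktemp creates the file with an unpredictable name and owner-only
    # permissions, since it briefly holds the private key.
    tmpcert="$(mktemp /tmp/certkey.XXXXXX)" ; \
    openssl pkcs12 -export -inkey "key.pem" \
      -in "cert.pem" \
      -passout "pass:storepwd" \
      -out "$tmpcert" \
    && \
    keytool -importkeystore \
      -srckeystore "$tmpcert" -srcstoretype PKCS12 \
      -srcstorepass storepwd \
      -destkeystore "$JETTY_BASE/etc/keystore" -deststoretype JKS \
      -deststorepass storepwd \
      -destkeypass keypwd ; \
    rm "$tmpcert"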
That's all you need to import to provide SSL functionality.
Because of JKS, keytool prints the following:
Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using ...
But JKS is the only possibility to set a key password (keypwd) that differs from the keystore password (storepwd).
For the PKCS12 store type this distinction is impossible (at least with keytool; there is an error on execution).
For the rest (like config modifications for your own passwords, and generating your own passwords), the documentation at https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html is OK.
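
A check to run after the import, as an added example (not from the original page or the Jetty project): it confirms that the keystore opens with the store password, that it holds a private key entry, and that the key decrypts with the separate key password. The function name and its return codes are assumptions made for this example.

```sh
#!/bin/sh
# Added example: verify a JKS keystore that uses separate store/key passwords.
# check_jetty_keystore and its return codes are hypothetical names chosen here.
#
# Usage: check_jetty_keystore KEYSTORE [STOREPASS] [KEYPASS]
# Returns: 0 usable, 1 store does not open, 2 no private key entry,
#          3 key password rejected, 4 keytool not installed
check_jetty_keystore() {
    ks=$1
    storepass=${2:-storepwd}   # defaults named on the page
    keypass=${3:-keypwd}

    command -v keytool >/dev/null 2>&1 || return 4

    # 1. The store must open with the store password.
    listing=$(keytool -list -keystore "$ks" -storetype JKS \
                  -storepass "$storepass" 2>/dev/null </dev/null) || return 1

    # 2. It must contain a private key entry, not only trusted certificates.
    #    In keytool's short listing the alias is the text before the first comma.
    entry=$(printf '%s\n' "$listing" |
            sed -n 's/^\([^,]*\),.*PrivateKeyEntry.*/\1/p' | head -n 1)
    [ -n "$entry" ] || return 2

    # 3. The key must decrypt with the key password. Generating a certificate
    #    request needs the private key but does not modify the keystore.
    keytool -certreq -alias "$entry" -keystore "$ks" -storetype JKS \
        -storepass "$storepass" -keypass "$keypass" \
        >/dev/null 2>&1 </dev/null || return 3

    return 0
}

# Example call:
#   check_jetty_keystore "$JETTY_BASE/etc/keystore" && echo "keystore OK"
```

A return code of 3 with the right store password means the key was imported with a different key password than the one Jetty is configured to use.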