Debugging Jetty https

I am setting up a standalone (not embedded) jetty 9.2.1 with https.

I played a bit with a self-signed certificate on my local box and all went fine.

Now I am setting up a UAT server (similar to what I'll get in production), and I'm failing at getting the https running properly. These are my steps:

1) I created a keystore, generated the cert request and submitted it to my CA, got the signed certificate and imported both the new and root certificates into the keystore

2) I can verify that the keystore looks fine: by doing

keytool -list -keystore jetty.jks

I can see all the certificates showing with their alias

3) I placed the keystore in /etc folder and edited the jetty-ssl.xml

<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/jetty.jks"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="somepassword"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="somepassword"/></Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="etc/jetty.jks"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="somepassword"/></Set>

on startup I can see both the http and https connectors 'up'

10927 [main] INFO  org.eclipse.jetty.server.ServerConnector  - Started ServerConnector@231e04a9{HTTP/1.1}{0.0.0.0:8090}
11285 [main] INFO  org.eclipse.jetty.server.ServerConnector  - Started ServerConnector@4a1f826d{SSL-http/1.1}{0.0.0.0:8443}
11285 [main] INFO  org.eclipse.jetty.server.Server  - Started @12632ms

but https does not respond; indeed, I see from netstat that nothing is listening on port 8443 (while it shows a healthy listener for port 8090)

I tried using the 'sample' keystore shipped with jetty and got it working, which makes me think of some issue with my keystore ... but, I see no errors on the console nor in any logs (even when started with -DDEBUG=true) and I can see the keystore's certificates.

I tried also to 'force' which alias to pick with -Djetty.https-cert-alias=capi but no luck.

Any ideas on how to debug this?

Thanks!

Daniele asked Mar 25 '15 00:03
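An added check script, not part of the question or answer above, that turns the two symptoms in this post into something a practitioner can run: it parses the quoted startup lines for the connector ports, probes whether each port actually accepts a TCP connection (what netstat showed), and parses `keytool -list` output to confirm that the alias the connector is told to use (`capi` here) is a PrivateKeyEntry rather than only a trustedCertEntry. The log lines are the ones from the question; the keytool listing, its aliases and fingerprints are constructed.

```python
import re
import socket

# Constructed sample: the two connector lines quoted from the startup log in the question.
STARTUP_LOG = """\
10927 [main] INFO  org.eclipse.jetty.server.ServerConnector  - Started ServerConnector@231e04a9{HTTP/1.1}{0.0.0.0:8090}
11285 [main] INFO  org.eclipse.jetty.server.ServerConnector  - Started ServerConnector@4a1f826d{SSL-http/1.1}{0.0.0.0:8443}
"""

# Constructed sample of `keytool -list -keystore jetty.jks` output; aliases and fingerprints are made up.
KEYTOOL_LIST = """\
Keystore type: JKS

Your keystore contains 2 entries

capi, Mar 25, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
root, Mar 25, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC
"""

CONNECTOR_RE = re.compile(r"Started ServerConnector@\w+\{([^}]+)\}\{([^:}]+):(\d+)\}")
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+), .*?, (?P<kind>PrivateKeyEntry|trustedCertEntry|SecretKeyEntry),", re.M)


def started_connectors(log):
    """Return (protocol, bind_host, port) for each connector Jetty logged as started."""
    return [(proto, host, int(port)) for proto, host, port in CONNECTOR_RE.findall(log)]


def is_listening(host, port, timeout=1.0):
    """True if a TCP connect to host:port succeeds (the same fact netstat reports)."""
    target = "127.0.0.1" if host == "0.0.0.0" else host  # wildcard bind -> probe loopback
    try:
        with socket.create_connection((target, port), timeout=timeout):
            return True
    except OSError:
        return False


def keystore_entries(listing):
    """Map alias -> entry kind, parsed from `keytool -list` output."""
    return {m["alias"]: m["kind"] for m in ENTRY_RE.finditer(listing)}


def has_private_key(listing, alias):
    """Only a PrivateKeyEntry holds a key pair; a trustedCertEntry cannot terminate TLS."""
    return keystore_entries(listing).get(alias) == "PrivateKeyEntry"


if __name__ == "__main__":
    for proto, host, port in started_connectors(STARTUP_LOG):
        print(f"{proto:<12} {host}:{port} listening={is_listening(host, port)}")
    print("alias 'capi' usable for TLS:", has_private_key(KEYTOOL_LIST, "capi"))
```

Run it on the real startup log and real `keytool -list` output; a connector that logs "Started" but reports listening=False, or an alias that is not a PrivateKeyEntry, narrows the problem before turning on the SSL debug flags.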


1 Answer

I've added the following properties to enable ssl debugging:

-DDEBUG=true -Dorg.eclipse.jetty.LEVEL=DEBUG -Djavax.net.debug=ssl,handshake,data

That did the trick. ;)

Daniele answered Sep 24 '22 20:09