Bilal

Reputation: 121

Jetty SSL Passwords

I don't fully understand the passwords that need to be set in the jetty-ssl.xml file to enable SSL. I created a self-signed certificate using keytool, and during the process I had to enter only two passwords, namely keypass and storepass, which IMO correspond to KeyStorePassword and TrustStorePassword respectively. That said, this leaves one password, KeyManagerPassword, and it is not yet clear to me where it should have been set during the process.

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath">
        <Property name="jetty.base" default="." />/
        <Property name="jetty.keystore" default="etc/keystore" />
    </Set>
    <Set name="KeyStorePassword">
        <Property name="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4" />
    </Set>
    <Set name="KeyManagerPassword">
        <Property name="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g" />
    </Set>
    <Set name="TrustStorePath">
        <Property name="jetty.base" default="." />/
        <Property name="jetty.truststore" default="etc/keystore" />
    </Set>
    <Set name="TrustStorePassword">
        <Property name="jetty.truststore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4" />
    </Set>
</Configure>

Upvotes: 1

Views: 2275

Answers (1)

Steps

Reputation: 481

This has been discussed somewhat here. There will not always be a KeyManagerPassword - it is only used if there is one specified in the key store. In most instances the password is the same as the KeyStorePassword. If the value KeyManagerPassword is blank it will default to the value of KeyStorePassword. So in your case you can leave it blank since you did not otherwise set it.

Upvotes: 2
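
The two-password layering this thread turns on, as an added Java example that is not part of the original posts or of Jetty's code: the store password (keytool's -storepass) opens the keystore file, while an entry can carry its own password (keytool's -keypass), which is what a server passes on to the key manager. It assumes a JCEKS store with an AES secret key standing in for the TLS private key, because creating a certificate needs more than the JDK's public API; the class name, alias and passwords are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeystorePasswords {
    public static void main(String[] args) throws Exception {
        // Constructed sample passwords in the roles of keytool's -storepass and -keypass.
        char[] storePass = "store-secret".toCharArray(); // role of Jetty's KeyStorePassword
        char[] keyPass = "key-secret".toCharArray();     // role of Jetty's KeyManagerPassword

        // Build a keystore in memory holding one entry protected by its own password.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        ks.setKeyEntry("jetty", key, keyPass, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, storePass);

        // Step 1: opening the store and listing its entries needs only the store password.
        KeyStore loaded = KeyStore.getInstance("JCEKS");
        loaded.load(new ByteArrayInputStream(out.toByteArray()), storePass);
        System.out.println("alias visible with store password: " + loaded.containsAlias("jetty"));

        // Step 2: recovering the key material needs the entry's own password.
        try {
            loaded.getKey("jetty", storePass);
            System.out.println("store password also opened the key entry");
        } catch (UnrecoverableKeyException e) {
            System.out.println("store password rejected for the key entry");
        }
        boolean opened = loaded.getKey("jetty", keyPass) != null;
        System.out.println("key password opens the key entry: " + opened);
    }
}
```

When both passwords are the same value, step 2 succeeds with the store password, which is the case where a separate key manager password adds nothing to the configuration.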
