Page History
...
On the JOC Cockpit server run the following command and replace the
JETTY_HOME
andJETTY_BASE
placeholders as specified above:Code Block language bash title Add HTTPS module to Jetty java -jar "JETTY_HOME/start.jar" -Djetty.home="JETTY_HOME" -Djetty.base="JETTY_BASE" --add-to-start=ssl,https
- Having executed the above command you should find a new folder
JETTY_BASE/etc
By default Jetty expects a keystore with the name
keystore
in this folder that is created from the above command.Jetty doesn't start if it doesn't find a keystore that corresponds to its settings.
- In addition a number of entries in the
JETTY_BASE/start.ini
configuration file for TLS/SSL settings such as the HTTPS port are added.
...
Edit the following entries in the
JETTY_BASE/start.ini
configuration file for the truststore location:Code Block title Example how to configure the truststore location with the start.ini file ## Truststore file path (relative to $jetty.base) jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12 ## Truststore password jetty.sslContext.trustStorePassword=jobscheduler
Explanation:- Specify the location of the truststore with the
trustStorePath
setting. A location relative to theJETTY_BASE
directory can be specified. - Specify the password for access to the truststore with the
trustStorePassword
setting.
- Specify the location of the truststore with the
- Option
- Should certificate based authentication be enforced then Jetty can be configured to automatically challenge clients to present a Client Authentication certificate. Be aware that with this option being in place it is no longer possible to login with account/password only as a Client Authentication certificate is required..
Specify the settings to enforce client authentication with the following entries in the
JETTY_BASE/start.ini
configuration file:Code Block title Example how to enforce client authentication with the start.ini file ## forceenable use of client authentication certificates jetty.sslContext.needClientAuth=false jetty.sslContext.wantClientAuth=true jetty.sslContext.endpointIdentificationAlgorithm=
Explanation:
- Find explanations from the JS7 - Authentication article.
...
Overview
Content Tools