  1. Open Portecle and choose File -> “Open Keystore file…”. Open the existing keystore, D:\program\weave_2.6\jetty_base\etc\jetty.jks

  2. Enter the keystore password (the one specified in step 4 under Create a new keystore)

  3. Choose Tools -> “Import Key Pair…”

  4. Select the converted certificate (specified in step 8 of Convert the certificate) and enter the password (step 7 of Convert the certificate).

  5. Choose OK when the dialog box opens.

  6. Choose a suitable alias so the entry is easy to recognize.

  7. Choose a new password for the imported certificate, confirm it, and choose OK. The password is needed for any later export from the keystore to another format. It is not needed in this process.

  8. Choose File -> “Save Keystore” to save the keystore.

  9. The new certificate has been added and the keystore updated. Weave must be restarted for the change to take effect.

Enable SSL in Weave

C:\development\weave\installation\2.6.9\jetty\lib>..\..\jre\bin\java.exe -cp jetty-util-9.4.38.v20210224.jar org.eclipse.jetty.util.security.Password secretPassword

start.ini

# --------------------------------------- 
# Module: ssl
# Settings located in jetty_base/start.d/https.ini
# --------------------------------------- 
--module=ssl

# --------------------------------------- 
# Module: https
# Settings located in jetty_base/start.d/https.ini
# --------------------------------------- 
--module=https

https.ini

### TLS(SSL) Connector Configuration

## Connector host/address to bind to
# jetty.ssl.host=0.0.0.0

## Connector port to listen on
jetty.ssl.port=8443

## Connector idle timeout in milliseconds
# jetty.ssl.idleTimeout=30000

## Number of acceptors (-1 picks default based on number of cores)
# jetty.ssl.acceptors=-1

## Number of selectors (-1 picks default based on number of cores)
# jetty.ssl.selectors=-1

## ServerSocketChannel backlog (0 picks platform default)
# jetty.ssl.acceptQueueSize=0

## Thread priority delta to give to acceptor threads
# jetty.ssl.acceptorPriorityDelta=0

## The requested maximum length of the queue of incoming connections.
# jetty.ssl.acceptQueueSize=0

## Enable/disable the SO_REUSEADDR socket option.
# jetty.ssl.reuseAddress=true

## Enable/disable TCP_NODELAY on accepted sockets.
# jetty.ssl.acceptedTcpNoDelay=true

## The SO_RCVBUF option to set on accepted sockets. A value of -1 indicates that it is left to its default value.
# jetty.ssl.acceptedReceiveBufferSize=-1

## The SO_SNDBUF option to set on accepted sockets. A value of -1 indicates that it is left to its default value.
# jetty.ssl.acceptedSendBufferSize=-1

## Connect Timeout in milliseconds
# jetty.ssl.connectTimeout=15000

## Whether SNI is required for all secure connections. Rejections are in TLS handshakes.
# jetty.sslContext.sniRequired=false

## Whether SNI is required for all secure connections. Rejections are in HTTP 400 response.
# jetty.ssl.sniRequired=false

## Whether request host names are checked to match any SNI names
# jetty.ssl.sniHostCheck=true

## max age in seconds for a Strict-Transport-Security response header (default -1)
# jetty.ssl.stsMaxAgeSeconds=31536000

## include subdomain property in any Strict-Transport-Security header (default false)
# jetty.ssl.stsIncludeSubdomains=true

### SslContextFactory Configuration
## Note that OBF passwords are not secure, just protected from casual observation
## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html

## The Endpoint Identification Algorithm
## Same as javax.net.ssl.SSLParameters#setEndpointIdentificationAlgorithm(String)
#jetty.sslContext.endpointIdentificationAlgorithm=

## SSL JSSE Provider
# jetty.sslContext.provider=

## Keystore file path (relative to $jetty.base)
jetty.sslContext.keyStorePath=etc/jetty.jks

## Truststore file path (relative to $jetty.base)
jetty.sslContext.trustStorePath=etc/jetty.jks

## Keystore password
jetty.sslContext.keyStorePassword=OBF:abcde

## Keystore type and provider
# jetty.sslContext.keyStoreType=JKS
# jetty.sslContext.keyStoreProvider=

## KeyManager password
jetty.sslContext.keyManagerPassword=OBF:abcde

## Truststore password
jetty.sslContext.trustStorePassword=OBF:abcde

## Truststore type and provider
# jetty.sslContext.trustStoreType=JKS
# jetty.sslContext.trustStoreProvider=

## whether client certificate authentication is required
# jetty.sslContext.needClientAuth=false

## Whether client certificate authentication is desired
# jetty.sslContext.wantClientAuth=false

## Whether cipher order is significant (since java 8 only)
# jetty.sslContext.useCipherSuitesOrder=true

## To configure Includes / Excludes for Cipher Suites or Protocols see tweak-ssl.xml example at
## https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites

## Set the size of the SslSession cache
# jetty.sslContext.sslSessionCacheSize=-1

## Set the timeout (in seconds) of the SslSession cache timeout
# jetty.sslContext.sslSessionTimeout=-1

## Allow SSL renegotiation
# jetty.sslContext.renegotiationAllowed=true
# jetty.sslContext.renegotiationLimit=5
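
An added example, not part of the original page or of the Weave/Jetty distribution: a small Python audit of the active settings in an https.ini like the one above. It flags password properties stored as OBF (reversible obfuscation, as the file's own comment notes) or in plain text, a disabled Strict-Transport-Security header, and a keystore and truststore that share one file. The function names and check identifiers are assumptions of this example, and the sample input is constructed from the lines above.

```python
# Added example (not from the original page): audit the active settings of a
# Jetty 9.4 https.ini like the one above.

# Constructed sample: the uncommented lines of the https.ini shown above, plus
# the commented-out HSTS line.
SAMPLE_INI = """\
jetty.ssl.port=8443
# jetty.ssl.stsMaxAgeSeconds=31536000
jetty.sslContext.keyStorePath=etc/jetty.jks
jetty.sslContext.trustStorePath=etc/jetty.jks
jetty.sslContext.keyStorePassword=OBF:abcde
jetty.sslContext.keyManagerPassword=OBF:abcde
jetty.sslContext.trustStorePassword=OBF:abcde
"""

def parse_props(text):
    """Return the active key=value pairs; '#' lines and --module lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "--")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a list of (check_id, property) findings, in a stable order."""
    props = parse_props(text)
    findings = []
    for key in sorted(props):
        if key.endswith("Password"):
            # OBF: is reversible obfuscation, so the file's ACL is the real control.
            kind = "obf-password" if props[key].startswith("OBF:") else "plain-password"
            findings.append((kind, key))
    # The page's comment gives -1 as the default, i.e. no HSTS header is sent.
    try:
        max_age = int(props.get("jetty.ssl.stsMaxAgeSeconds", "-1"))
    except ValueError:
        max_age = -1
    if max_age < 0:
        findings.append(("hsts-disabled", "jetty.ssl.stsMaxAgeSeconds"))
    ks = props.get("jetty.sslContext.keyStorePath")
    if ks and ks == props.get("jetty.sslContext.trustStorePath"):
        findings.append(("shared-keystore-truststore", "jetty.sslContext.trustStorePath"))
    return findings

if __name__ == "__main__":
    for check_id, prop in audit(SAMPLE_INI):
        print(f"{check_id:28} {prop}")
```

Run it against the real jetty_base/start.d/https.ini by passing the file's text to `audit`; the OBF finding is expected with this setup and is a reminder to restrict read access to the ini file and the keystore.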

jetty.xml

<Item>
  <New id="SecuredRedirectHandler" class="org.eclipse.jetty.server.handler.SecuredRedirectHandler"/>
</Item>