jetty plugin & SSL trust

https://stackoverflow.com/questions/17807274

03-06-2022
|

Question

I'm trying to setup the jetty maven plugin for local development but I'm stuck on trusting the LDAP server's SSL which I use with spring security for authentication.

I tried creating a connector for SSL with the truststore, however I'm still getting the bind exception on login.

<Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                <Arg>
                    <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
                        <Set name="keyStore">servers/jetty/jetty.jks</Set>
                        <Set name="keyStorePassword">password</Set>
                        <Set name="keyManagerPassword">password</Set>
                        <Set name="trustStore">servers/trust.jks</Set>
                        <Set name="trustStorePassword">password</Set> 
                    </New>
                </Arg>
                <Set name="port">443</Set>
                <Set name="maxIdleTime">30000</Set>
            </New>
        </Arg>
    </Call>

This is the exception:

simple bind failed: host:port; nested exception is javax.naming.CommunicationException: simple bind failed: host:port [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by ROOT CA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error]

seems like the truststore for the connector is limited to incoming SSL connections. Anyway to get this working with jetty?

La solution

I solved it as follows:

<Call class="java.lang.System" name="setProperty">
    <Arg>javax.net.ssl.trustStore</Arg>
    <Arg>trust.jks</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
    <Arg>javax.net.ssl.trustStorePassword</Arg>
    <Arg>xxxx</Arg>
</Call>

Autres conseils

For me it was:

<systemProperty>
    <name>javax.net.ssl.trustStore</name>
    <value>/Users/koraytugay/Desktop/cacerts.jks</value>
</systemProperty>
<systemProperty>
    <name>javax.net.ssl.trustStorePassword</name>
    <value>changeit</value>
</systemProperty>

Licencié sous: CC-BY-SA avec attribution

Non affilié à StackOverflow