Ask a Question

Import a certificate into a Jetty Java HTTP Servlet Web Server

Problem

How do I install a GeoTrust True BusinessID in a Jetty Java HTTP Servlet Web Server
How do I install a Wildcard certificate in a Jetty Java HTTP Servlet Web Server

Solution

To install a certificate on a Java server, perform the following steps:
 
 
Step 1:  Download your certificate
 
  1. You will receive an email when your certificate is issued.
  2. You require your certificate in PKCS#7 format, to download it in this format, perform the steps on the following solutions.
    • GeoTrust Trust Security Center, refer to solution SO22158
    • GeoTrust Enterprise Security Center, refer to solution SO21128
    • GeoTrust User Portal (e.g., certificate purchased through Retail or Partners), refer to solution SO15168
  3. Copy and Paste your GeoTrust certificate to Notepad and save as a certificate.p7b
     
Step 2:  Import the Certifcate into the Keystore:
 
  1. To Import the certificate into the keystore and alias that generated the CSR, please use the commands below:
     
    keytool -import -trustcacerts -file [cert_file_name_here] -keystore [keystore_name_here] -alias [keyentry_name_here]


Step 3: Confirm the contents of the keystore
 

  1. To list the contents of your keystore, please enter the following command below:
     
    keytool -list -v -keystore  your_keystore_filename >output_filename.txt

    For Example:

     
  2. View the contents of the output file.

    The SSL certificate is imported into the alias with the "Entry Type" of PrivateKeyEntry or KeyEntry.  If not, please import the certificate into the Private Key alias.

Step 4: Configure Jetty server
 
  1. Configure the Jetty connector to point to the Keystore and password:
    Example:
    <Call name="addConnector">
        <Arg>
          <New class="org.mortbay.jetty.security.SslSocketConnector">
            <Set name="Port">8443</Set>
            <Set name="maxIdleTime">30000</Set>
            <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
            <Set name="password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
            <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
            <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
            <Set name="trustPassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
          </New>
        </Arg>
      </Call>

    NOTE: Use Jetty Configuring Setting reference for a correct configuration Configure Jetty
    The SSL Port needs to be enabled on Jetty Java HTTP Servlet Web Server as well as on any firewall/s or router/s in place.

    NOTE: Jetty Documentation


Step 5: Verify certificate installation

  1. Verify your installation with the GeoTrust Installation Checker