4

In the SSL configuration of Jetty, I see that we define the password of the keystore and the keystore's physical location.

But what happens when I have multiple aliases in the keystore? What keystore does Jetty SSL choose to use?

In my Java keystore file, one alias holds untrusted certificates and one alias is trusted. How can I tell Jetty to use the trusted alias?

Thanks

ilansch
  • There is no such thing as Jetty SSL. It uses the JSSE built in to Java. – user207421 Mar 29 '16 at 09:05
  • The implementation of the SSL-related code is made in Jetty. In the JSSE specs they don't mention alias. – ilansch Mar 29 '16 at 09:41
  • And are you asking about multiple aliases in one keystore, or multiple keystores, or multiple aliases in multiple keystores? And why do you have untrusted certificates in your keystore? or anywhere else? Your question remains obscure. – user207421 Apr 13 '16 at 03:28
  • A jks can hold many aliases. Which is chosen? The certs are now trusted. And my jks contains only 1 issued and valid certs. The question is still relevant. – ilansch Apr 13 '16 at 04:17
  • If your KeyStore only contains one issued certificate there is only one alias to use. Unclear what you're asking. Still. – user207421 Jan 11 '17 at 11:13

1 Answer

1

It is possible to configure the CertAlias attribute in jetty-ssl-context.xml.

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
   ...
  <Set name="CertAlias"><Property name="jetty.keystore.alias" default="localhost"/></Set>
</Configure>
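To find out which alias to put in CertAlias, it helps to list what the keystore actually holds. The following is an added example, not part of the answer above and not Jetty code: a small standalone Java program (the class name ListKeystoreAliases is hypothetical) that takes the keystore path as its argument and reports, for each alias, whether it has a private key, whether its certificate is currently valid, and whether it is self-signed.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example: lists every alias so the intended one can be set as CertAlias.
public class ListKeystoreAliases {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java ListKeystoreAliases <keystore.jks>");
            System.exit(2);
        }
        // Prompt for the password so it stays out of shell history and the process list.
        char[] password = console.readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // the question's keystore is a JKS file
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        Arrays.fill(password, '\0'); // wipe the password once the store is loaded
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                // No private key: a server cannot present this entry as its certificate.
                System.out.printf("%-20s trusted-cert entry only (no private key)%n", alias);
                continue;
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                System.out.printf("%-20s key entry without an X.509 chain%n", alias);
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            String validity = "valid now";
            try {
                leaf.checkValidity(); // throws if expired or not yet valid
            } catch (CertificateException e) {
                validity = "EXPIRED or not yet valid";
            }
            boolean selfSigned = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
            System.out.printf("%-20s key entry, chain length %d, %s, %s%n  subject: %s%n  issuer:  %s%n",
                    alias, chain.length, validity, selfSigned ? "self-signed" : "not self-signed",
                    leaf.getSubjectX500Principal().getName(), leaf.getIssuerX500Principal().getName());
        }
    }
}
```

The alias of the key entry with the expected subject and issuer is the value to supply for CertAlias (the jetty.keystore.alias property in the XML above).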