Configuring SSL
It's highly recommend to install a new SSL certificate that is under your control and not use the certificate that came with the software.
Create Keystore
Create keystore with self-signed certificate
Quick and easy setup is to create a keystore with self-signed certificate. Although this not ideal as the certificate was not issued through a certificate authority and the browser will result in the browser issuing a warning due to the self-signed certificate
keytool -keystore keystore -alias bastillion -genkey -keyalg RSA -sigalg SHA256withRSA
Import certificate into keystore
Otherwise, if you have an existing certificate / key pair or one issued from a certificate authority you can create and import into a keystore as follows.
Depending on the existing key format you may need to export as a PKCS12
openssl pkcs12 -export -inkey bastillion.key -in bastillion.crt -out bastillion.pkcs12
Create a new keystore and import the certificate and key
keytool -importkeystore -srckeystore bastillion.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
Configure Keystore with Jetty
Copy new keystore to jetty's etc directory
cp keystore Bastillion-jetty/jetty/etc/
Set obfuscated keystore password
To obtain the obfuscated password for the keystore (OBF), you will neeed to run the following utility
java -cp Bastillion-jetty/jetty/lib/jetty-util-X.X.X.vXXX.jar org.eclipse.jetty.util.security.Password <keystore password>
From the output, take the OBF value and set it to the default value in jetty/etc/jetty-ssl-context.xml Change the follow OBF values:
KeyStorePassword=<OBF Value>
KeyManagerPassword=<OBF Value>
TrustStorePassword=<OBF Value>
Last, edit thr OBF values in the jetty/modules/ssl.mod for
jetty.sslContext.keyStorePassword=<OBF Value>
jetty.sslContext.keyManagerPassword=<OBF Value>
jetty.sslContext.trustStorePassword=<OBF Value>
Restart Jetty and verify the new SSL Certificate is active.