Comment: Add Jetty instructions

...

See the JSSE Reference Guide for a thorough description of these properties. The password on the PKCS#12 file is required by convention but provides no security, thus the insecure string "password" used by the generator script. The process of setting JVM system properties varies with servlet container platform and is discussed in subsequent sections.

Configuring Jetty for Minimal System Trust

Add the following lines to the file /etc/default/jetty (create it if necessary):

```bash
IDP_HOME="/path/to/idp.home"
JAVA_OPTIONS="-Djavax.net.ssl.trustStore=$IDP_HOME/conf/minimal-system-trust.p12 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=password"
```

If Jetty is running as a Unix service (e.g. service jetty start) or is otherwise started with the jetty.sh startup script, nothing further is required. If Jetty is started using start.jar directly, source the file above prior to running Java:

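```bash
source /etc/default/jetty
# JAVA_OPTIONS is only a shell variable after sourcing; pass it explicitly
# so the JVM actually receives the trust store properties.
java $JAVA_OPTIONS -jar "$JETTY_HOME/start.jar"
```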
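
A JVM that never receives these properties falls back to its default cacerts trust store without any error, so it is worth checking the options before launch. The following pre-start check is an added example, not part of the original instructions; the function names `jvm_prop` and `check_trust_opts` are hypothetical, and it assumes the trust store path contains no spaces.

```bash
# Added example: sanity-check the trust store options defined in /etc/default/jetty.

# Print the value of -D<name>=<value> from an options string; return 1 if absent.
jvm_prop() {
    local name="$1" opts="$2" word
    for word in $opts; do          # intentional word splitting on whitespace
        case "$word" in
            "-D$name="*) printf '%s\n' "${word#-D"$name"=}"; return 0 ;;
        esac
    done
    return 1
}

# Return 0 only if all three properties are set, the store file is readable,
# and the store type is PKCS12 as these instructions require.
check_trust_opts() {
    local opts="$1" store="" type="" rc=0
    store=$(jvm_prop javax.net.ssl.trustStore "$opts") ||
        { echo "missing: javax.net.ssl.trustStore" >&2; rc=1; }
    type=$(jvm_prop javax.net.ssl.trustStoreType "$opts") ||
        { echo "missing: javax.net.ssl.trustStoreType" >&2; rc=1; }
    jvm_prop javax.net.ssl.trustStorePassword "$opts" >/dev/null ||
        { echo "missing: javax.net.ssl.trustStorePassword" >&2; rc=1; }
    if [ -n "$store" ] && [ ! -r "$store" ]; then
        echo "trust store not readable: $store" >&2; rc=1
    fi
    if [ -n "$type" ] && [ "$type" != "PKCS12" ]; then
        echo "unexpected trust store type: $type" >&2; rc=1
    fi
    return $rc
}

# Usage when starting Jetty via start.jar directly:
#   . /etc/default/jetty
#   check_trust_opts "$JAVA_OPTIONS" && java $JAVA_OPTIONS -jar "$JETTY_HOME/start.jar"
```

To see which certificates the store actually trusts, run `keytool -list -storetype PKCS12 -keystore "$IDP_HOME/conf/minimal-system-trust.p12" -storepass password`.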