SSL Configuration
Pax Web supports SSL (https) via Jetty built in SSL support. To get used with Jetty support you may read How to configure SSL in Jetty and skip step 4 from that page, as the configuration part must be done in Pax Web specific way.
To enable SSL support you must set the following properties:
- org.osgi.service.http.secure.enabled to true
- org.ops4j.pax.web.ssl.keystore to the path to the keystore to be used. If not set the default path ${user.home}/.keystore is used.
- org.ops4j.pax.web.ssl.password to the password used for keystore integrity check. The value can be in plain text or obfuscated ( starting with OBF: ) as described in step 4 of jetty documentation
- org.ops4j.pax.web.ssl.keypassword to the password used for keystore. The value can be in plain text or obfuscated ( starting with OBF: ) as described in step 4 of jetty documentation
You may also set the following:
- org.osgi.service.http.port.secure to change the port. Default is 8443.
The following is a list with SSL related configuration properties that can be used to customize Pax Web SSL support. If not specified otherwise, the property is available since Pax Web - 0.2.0 (first version).
org.ops4j.pax.web.ssl.keystore
Path to the keystore file. See ops4j:SSL Configuration for details.
Since Pax Web - 0.2.1.
org.ops4j.pax.web.ssl.keystore.type
This property specifies the keystore type. Defaults to JKS.
Since Pax Web - 0.5.0.
org.ops4j.pax.web.ssl.password
Password used for keystore integrity check.
Since Pax Web - 0.2.1.
org.ops4j.pax.web.ssl.keypassword
Password used for keystore.
Since Pax Web - 0.2.1.
org.ops4j.pax.web.ssl.clientauthwanted
This property specifies, if certificate-based client authentication at the server is "wanted".
Since Pax Web - 0.5.0.
org.ops4j.pax.web.ssl.clientauthneeded
This property specifies, if certificate-based client authentication at the server is "required".
Since Pax Web - 0.5.0.
Content