
jetty plugin & SSL trust


I'm trying to set up the Jetty Maven plugin for local development, but I'm stuck on trusting the LDAP server's SSL, which I use with Spring Security for authentication.

I tried creating a connector for SSL with the truststore; however, I'm still getting the bind exception on login.

    <Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                <Arg>
                    <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
                        <Set name="keyStore">servers/jetty/jetty.jks</Set>
                        <Set name="keyStorePassword">password</Set>
                        <Set name="keyManagerPassword">password</Set>
                        <Set name="trustStore">servers/trust.jks</Set>
                        <Set name="trustStorePassword">password</Set> 
                    </New>
                </Arg>
                <Set name="port">443</Set>
                <Set name="maxIdleTime">30000</Set>
            </New>
        </Arg>
    </Call>

This is the exception:

simple bind failed: host:port; nested exception is javax.naming.CommunicationException: simple bind failed: host:port [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by ROOT CA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error]

Seems like the truststore for the connector is limited to incoming SSL connections. Any way to get this working with Jetty?


Solution

  • I solved it as follows:

    <Call class="java.lang.System" name="setProperty">
        <Arg>javax.net.ssl.trustStore</Arg>
        <Arg>trust.jks</Arg>
    </Call>
    <Call class="java.lang.System" name="setProperty">
        <Arg>javax.net.ssl.trustStorePassword</Arg>
        <Arg>xxxx</Arg>
    </Call>
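
A diagnostic for the PKIX error in the question, as an added example that is not part of the original posts: it lists the trust anchors the JVM uses by default for outbound TLS, which is the store the javax.net.ssl.trustStore properties in the solution above select, and checks whether the LDAP server's root CA is among them. The class name DefaultTrustCheck and the "ROOT CA" default search string are assumptions for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic (hypothetical class name), not code from the original page.
public class DefaultTrustCheck {
    // Trust anchors used for outbound TLS when the caller supplies no SSLContext of its own.
    static List<X509Certificate> defaultAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore asks the provider for its default store: the file named by
        // javax.net.ssl.trustStore when that property is set, otherwise the JRE's bundled CAs.
        tmf.init((KeyStore) null);
        List<X509Certificate> anchors = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                anchors.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        return anchors;
    }

    // Case-insensitive match of a fragment against each anchor's subject DN.
    static List<X509Certificate> matching(List<X509Certificate> anchors, String fragment) {
        List<X509Certificate> hits = new ArrayList<>();
        for (X509Certificate c : anchors) {
            if (c.getSubjectX500Principal().getName().toLowerCase().contains(fragment.toLowerCase())) {
                hits.add(c);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        String wanted = args.length > 0 ? args[0] : "ROOT CA"; // assumed fragment of the CA subject
        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        List<X509Certificate> anchors = defaultAnchors();
        System.out.println(anchors.size() + " default trust anchors loaded");
        List<X509Certificate> hits = matching(anchors, wanted);
        for (X509Certificate c : hits) {
            System.out.println("  " + c.getSubjectX500Principal().getName() + "  expires " + c.getNotAfter());
        }
        if (hits.isEmpty()) {
            System.out.println("No default trust anchor has a subject containing \"" + wanted + "\"");
        }
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword values that Jetty is started with, from the same working directory, since a relative path such as trust.jks is resolved against it.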