WARNING: This server provides a static reference view of the NetKernel documentation. Links to dynamic content do not work. For the best experience we recommend you install NetKernel and view the documentation in the live system .

By default both the frontend and backend fulcrums using basic HTTP with secure sockets layer (SSL). This guide documents how to enable SSL.

You will need to edit the file /etc/HTTPServerConfig.xml. If the module is not already expanded onto the filesystem you must do this first - use the Deployment Editor tool.

First disable the existing connector by commenting out the addConnector fragment from the XML and then uncomment this SSL connector as shown below:


<!-- ============================================================= -->

<!-- Create a TLS (SSL) Context Factory -->

<!-- ============================================================= -->
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath">
    <Property name="jetty.base" default="." />/
    <Property name="jetty.keystore" default="../keystore" />
  </Set>
  <Set name="KeyStorePassword">
    <Property name="jetty.keystore.password" default="test123" />
  </Set>
  <Set name="KeyManagerPassword">
    <Property name="jetty.keymanager.password" default="test123" />
  </Set>
  <Set name="TrustStorePath">
    <Property name="jetty.base" default="." />/
    <Property name="jetty.truststore" default="../keystore" />
  </Set>
  <Set name="TrustStorePassword">
    <Property name="jetty.truststore.password" default="test123" />
  </Set>
  <Set name="EndpointIdentificationAlgorithm" />
  <Set name="NeedClientAuth">
    <Property name="jetty.ssl.needClientAuth" default="false" />
  </Set>
  <Set name="WantClientAuth">
    <Property name="jetty.ssl.wantClientAuth" default="false" />
  </Set>
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>
  <Set name="useCipherSuitesOrder">
    <Property name="jetty.sslContext.useCipherSuitesOrder" default="true" />
  </Set>
  <Set name="sslSessionCacheSize">
    <Property name="jetty.sslContext.sslSessionCacheSize" default="-1" />
  </Set>
  <Set name="sslSessionTimeout">
    <Property name="jetty.sslContext.sslSessionTimeout" default="-1" />
  </Set>
</New>

As suggested in the comment full details of the Jetty configuration and how to set up the necessary keystore are contained here.

NetKernel must be restarted for changes in the HTTP configuration to take effect.