Is it possible for Restlet to use SSL certificates without a keystore? My application currently uses the DefaultSslContextFactory
like this.
...
int httpPort = appConfig.getHttpPort();
int httpsPort = appConfig.getHttpsPort();
Component c = new Component();
c.getDefaultHost().attach(ROOT_PATH, new WebApiApplication());
if (new KeyStoreManager().defaultJksContainsAlias("tls")) {
char[] secret = appConfig.getJksSecret().toCharArray();
String keystore = appConfig.getJksKeystore();
// Increase the ports until we find a suitable one
while (occupied(httpsPort)) {
httpsPort++;
}
Server https = new Server(c.getContext().createChildContext(), Protocol.HTTPS, httpsPort, c);
System.out.println("Starting HTTPS services on port " + httpsPort + "...");
DefaultSslContextFactory sslContextFactory = new DefaultSslContextFactory();
sslContextFactory.setProtocol("SSL");
sslContextFactory.setKeyStorePath(keystore);
sslContextFactory.setKeyStorePassword(secret);
sslContextFactory.setKeyStoreKeyPassword(secret);
sslContextFactory.setKeyStoreType("JKS");
https.getContext().getAttributes().put("sslContextFactory", sslContextFactory);
c.getServers().add(https);
} else {
System.out.println("No TLS certificates detected. Skipping HTTPS services...");
}
// Increate the ports until we find a suitable one
while (occupied(httpPort)) {
httpPort++;
}
System.out.println("Starting HTTP services on port " + httpPort + "...");
Server http = new Server(Protocol.HTTP, httpPort, c);
c.getServers().add(http);
try {
c.start();
} catch (Exception e) {
LOG.error("Failed to start core component", e);
System.exit(-1);
}
...
The problem is that the Java keystore isn't very friendly when it comes to importing existing certificates! Ideally I would like to just specify the path the .key
and the .crt
in the same way I do it for nginx.