Configuring Jetty SSL context

After the file permissions are secured in the SSMC appliance (see Tightened file permissions in SSMC appliance filesystem), the web server SSL configuration cannot be edited from the general bash shell, for security reasons. Follow these steps to update the SSL context configuration for the SSMC web server (jetty-ssl-context.xml):

Procedure
  1. Set up the following properties in /ssmc/conf/security_config.properties as needed:
    Property                                      Description
    ssmc.jetty.ssl.context.KeyStorePassword       Jetty keystore password.
    ssmc.jetty.ssl.context.KeyManagerPassword     Jetty key entry password within the keystore.
    ssmc.jetty.ssl.context.TrustStorePassword     Jetty truststore password.
    ssmc.jetty.ssl.context.WantClientAuth         Flag to specify if client authentication is required. Jetty expects clients (browsers) to send a client certificate for mutual authentication during the TLS handshake.
  2. Run the following command to apply the SSL context values to the SSMC web server configuration (jetty-ssl-context.xml) and restart the service:

    sudo /ssmc/bin/config_security.sh -o configure_jetty_ssl_context -f
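
A pre-flight check that can be run on the properties file from step 1 before the command in step 2. This is an added example, not part of the SSMC documentation or tooling. It assumes one key=value entry per line and true/false as the WantClientAuth values; the function name and messages are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: lint the Jetty SSL context entries before running config_security.sh.
# Assumptions (not from the SSMC docs): key=value lines, true/false for WantClientAuth.
# Usage: ./lint_jetty_ssl_props.sh /ssmc/conf/security_config.properties

PREFIX='ssmc.jetty.ssl.context.'
KNOWN='KeyStorePassword KeyManagerPassword TrustStorePassword WantClientAuth'

# Prints one finding per line (never a password value); returns 1 if any.
lint_jetty_ssl_props() {
    local file="$1" line key value suffix findings=0
    [ -r "$file" ] || { echo "cannot read: $file"; return 1; }
    # The file holds keystore passwords, so it should not be world-readable.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "world-readable: $file"; findings=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "$PREFIX"*) ;;          # only the Jetty SSL context entries
            *) continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        if [ "$key" = "$line" ]; then value=''; fi   # no '=' on the line
        suffix=${key#"$PREFIX"}
        # Property names are matched exactly, so a case slip is reported.
        case " $KNOWN " in
            *" $suffix "*) ;;
            *) echo "unknown property (check spelling and case): $key"
               findings=1; continue ;;
        esac
        if [ -z "$value" ]; then
            echo "empty value: $key"; findings=1
        elif [ "$suffix" = WantClientAuth ]; then
            case $value in
                true|false) ;;
                *) echo "WantClientAuth is not true/false: $value"; findings=1 ;;
            esac
        fi
    done < "$file"
    return "$findings"
}

if [ "$#" -gt 0 ]; then lint_jetty_ssl_props "$1"; fi
```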