From: Craig B. <cra...@ma...> - 2023-02-03 01:59:02
I had trouble getting the eXist admin interface working on port 8443 after upgrading to 6.1.0. Usually all I have to do is convert my LetsEncrypt PEM certificate to PKCS12 format, copy that to /etc/jetty/keystore.p12, and update the password in etc/jetty/jetty-ssl-context.xml to the actual password I've added during the conversion. That wasn't enough with 6.1.0, where connections failed and the browser said it was unable to create a secure connection.

With 6.1.0, the etc/jetty/jetty-ssl-context.xml file now contains this new section:

    <Set name="CertAlias">
      <Property name="jetty.keystore.alias" default="existdb"/>
    </Set>

This will only work if your certificate has an alias in it named "existdb", but mine didn't, and I can't think of why anyone would since the certificate applies to the server, not a single application on that server. No doubt certificate gurus will know how to generate a named alias during conversion from PEM to PKCS12, but my solution was simply to delete those three lines from jetty-ssl-context.xml -- that got things working as before.

Hope that helps someone who stumbles over the same thing. There were no hints in the logs about what was happening -- I only found this by doing a diff comparing an old version of jetty-ssl-context.xml and eliminating anything new from the new version one section at a time until I happened on the one item that broke secure connections.

________________________________________
Craig A. Berry

"... getting out of a sonnet is much more difficult than getting in."
                 Brad Leithauser
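Added example, not part of the original post: one way to write the alias during the PEM to PKCS12 conversion is openssl's -name option, which sets the PKCS12 friendly name that Java keystores expose as the alias. The self-signed certificate, file names and password below are constructed stand-ins for the Let's Encrypt files.

```shell
#!/usr/bin/env bash
# Added example: build a PKCS12 keystore whose entry carries the alias that
# jetty-ssl-context.xml expects by default ("existdb", per the post).
set -eu

ALIAS="existdb"
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed password; read via env: so it does not appear in the process list.
export P12_PASS="constructed-example-password"

# Stand-in for the Let's Encrypt privkey.pem / fullchain.pem (constructed test cert).
make_test_pem() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$WORK/privkey.pem" -out "$WORK/fullchain.pem" 2>/dev/null
}

# Convert PEM to PKCS12; $1 becomes the friendly name (keystore alias).
pem_to_p12() {
  openssl pkcs12 -export \
    -in "$WORK/fullchain.pem" -inkey "$WORK/privkey.pem" \
    -name "$1" \
    -out "$WORK/keystore.p12" -passout env:P12_PASS
}

# Print the friendly name stored with the certificate, to check it before
# copying the keystore into place.
p12_alias() {
  openssl pkcs12 -in "$WORK/keystore.p12" -passin env:P12_PASS -nokeys 2>/dev/null |
    sed -n 's/^ *friendlyName: //p' | head -n 1
}

make_test_pem
pem_to_p12 "$ALIAS"
echo "alias in keystore: $(p12_alias)"

# With a JDK installed, the same check from the Java side is:
#   keytool -list -keystore keystore.p12 -storetype PKCS12
```

If the printed alias does not match the value of jetty.keystore.alias, the mismatch described in the post is the likely cause of the failed TLS connections.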