How to obfuscate or encrypt the Apache Felix HTTP Service Jetty keystore password

Question

How to obfuscate or encrypt the Apache Felix HTTP Service Jetty keystore password?

Answer

  1. Download the jetty-util jar file.

  2. Run this command:

    java -cp jetty-util-9.4.3.v20170317.jar org.eclipse.jetty.util.security.Password {username} {password}

    Replace {username} with a username

    Replace {password} with the password of the keystore.

    ​For example:

    > java -cp ~/Downloads/jetty-util-9.4.3.v20170317.jar org.eclipse.jetty.util.security.Password password
    2018-05-23 21:06:42.444:INFO::main: Logging initialized @121ms to org.eclipse.jetty.util.log.StdErrLog
    password
    OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v
    MD5:5f4dcc3b5aa765d61d8327deb882cf99
  3. Create the a text file org.apache.felix.http.config.

  4. Edit the file, copy / paste the OBF value from the output in step 2 as the org.apache.felix.https.keystore.password property.  Include org.apache.sling.installer.configuration.persist=B"false" to avoid the value being persisted in the Oak repository.  Other properties could be copied from the server under crx-quickstart/launchpad/config/org/apache/felix/http.config.

    org.apache.sling.installer.configuration.persist=B"false"
    org.apache.felix.https.keystore.password="OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v"
  5. Stop AEM.

  6. Copy the file to the server under  crx-quickstart/install/org.apache.felix.http.config.

Adobe-logo

Aanmelden bij je account