...

• Edit the following entries in the JETTY_BASE/start.ini configuration file for the truststore location:

  Code Block
  title Example how to configure the truststore location with the start.ini file
  ## Truststore file path (relative to $jetty.base) jetty.sslContext.trustStorePath=resources/joc/https-truststore.p12 ## Truststore password jetty.sslContext.trustStorePassword=jobscheduler

  
  Explanation:

  • Specify the location of the truststore with the trustStorePath setting. A location relative to the JETTY_BASE directory can be specified.
  • Specify the password for access to the truststore with the trustStorePassword setting.
• Option
  • Should certificate based authentication be enforced then Jetty can be configured to automatically challenge clients to present a Client Authentication certificate. Be aware that with this option being in place it is no longer possible to login with account/password only as a client authentication certificate is required..

  • Specify the settings to enforce client authentication with the following entries in the JETTY_BASE/start.ini configuration file: 

    Code Block
    title Example how to enforce client authentication with the start.ini file
    ## force use of client authentication certificates jetty.sslContext.needClientAuth=false jetty.sslContext.wantClientAuth=true jetty.sslContext.endpointIdentificationAlgorithm=

    Explanation:

    • Find explanations from the JS7 - Authentication article.

Risk Mitigation

The above explanations indicate use of a Root CA certificate for verification of Client Authentication certificates when it comes to mutual authentication.

...