The setup: I have a Jetty (8.1.5 if it matters) Server running a simple site over https, using a self-signed certificate (it’s intranet so this is not an issue). This works.
However, in order to provide a better user experience I would like to serve up the SSL certificate for download and installation, with the correct content-type “application/x-x509-ca-cert”. In order to do this I need two things:
- A way to obtain the certificate from the KeyStore that Jetty uses. I know I can do this using the OpenSSL client, but I really need to do this programmatically, and preferably without having to open a new connection to the server.
- A way to offer this certificate to the user in the correct format. I’m pretty convinced I can do this by writing a custom HttpServlet to do this, but is there a smarter/quicker way?
I wrote a bit of code that would validate certificates of signed jars a while back; you can probably use it for inspiration for a servlet that could have a reference to a keystore and return certs. It might help you get started at least.
https://github.com/jetty-project/jetty-webapp-verifier/blob/master/src/main/java/org/mortbay/jetty/webapp/verifier/rules/JarSignatureRule.java
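One way to write the servlet the answer suggests, as an added example that is not part of the original thread or the linked project: it loads the keystore once at startup and returns the certificate for one alias in DER form with the content type from the question. The class name and the three init-param names are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: serves the public certificate stored under one keystore alias.
public class CertificateDownloadServlet extends HttpServlet {
    private byte[] derCert; // DER bytes of the certificate only, never the private key
    @Override
    public void init() throws ServletException {
        // Init-param names are assumptions of this example, configured in web.xml.
        String path = getInitParameter("keystorePath");
        String password = getInitParameter("keystorePassword");
        String alias = getInitParameter("certAlias");
        if (path == null || password == null || alias == null) {
            throw new ServletException("keystorePath, keystorePassword and certAlias are required");
        }
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream in = new FileInputStream(path);
            try {
                ks.load(in, password.toCharArray());
            } finally {
                in.close();
            }
            // Only getCertificate() is used; getKey() is never called, so no private key is read.
            Certificate cert = ks.getCertificate(alias);
            if (cert == null) {
                throw new ServletException("No certificate under alias " + alias);
            }
            derCert = cert.getEncoded();
        } catch (GeneralSecurityException e) {
            throw new ServletException("Cannot read certificate from keystore", e);
        } catch (IOException e) {
            throw new ServletException("Cannot open keystore " + path, e);
        }
    }
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setContentType("application/x-x509-ca-cert");
        resp.setContentLength(derCert.length);
        resp.getOutputStream().write(derCert);
    }
}
```

Because the download travels over the connection the browser does not yet trust, publish the certificate's fingerprint through a separate channel so users can compare it before installing.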