Jetty.xml file reference Skip Navigation

Jetty.xml file reference

The keystore file is referenced in jetty.xml. Its default location of the jetty.xml file is on the computer hosting
BEMS
at
<
BEMS Machine Path
>\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<
version
>\etc\
. You can access this folder using the service account you used to install the
BEMS
software or the local system account.
The relevant snippet from jetty.xml referencing the location of the keystore file and its associated password would look like the following. If you import the certificate for one node, the CertAlias displays "serverkey". If you update the certificate and select the "Use the uploaded Server SSL Certificate for all nodes in a cluster" in the
BEMS
Dashboard, the CertAlias displays "server_cert".
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server"> <Set name="KeyStorePath"> <SystemProperty name="jetty.home" default="."/> /etc/keystores/bems.pfx </Set> <Set name="TrustStorePath"> <SystemProperty name="jetty.home" default="."/> /etc/keystores/bems.pfx </Set> <Set name="KeyStorePassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set> <Set name="KeyManagerPassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set> <Set name="TrustStorePassword">OBF:1mik1w8d1ugi1x841....1x8q1uh81w9d1mma</Set> <Set name="KeyStoreType">PKCS12</Set> <Set name="TrustStoreType">PKCS12</Set> <Set name="wantClientAuth">true</Set> <Set name="CertAlias">server_cert</Set>
The passwords are obfuscated. The KeyStorePassword and the TrustStorePassword are typically identical and represent the keystore password. The KeyManagerPassword is the challenge password for the certificate.

Certificate format

Any certificate used should include the following:
  • Be PKCS #12
  • The private key must contain a challenge password
  • Has the appropriate key chain (for example, the root and intermediate certificate)
  • The Subject or Subject Alternative Names properties includes the FQDN of the
    BEMS
    node. This is required for
    BEMS
    to be trusted by web browsers and
    BlackBerry Dynamics
    apps.