jetty.project
Support RFC 8737
Jetty version(s) 10+
Enhancement Description
RFC 8737 describes a method to validate domain names via the tls-alpn-01 challenge.
Upon the request for a new certificate, or the renewal of an expired one, for an origin server, an ACME client performs a challenge by connecting to the origin server with ALPN protocol acme-tls/1.
The server should reply with a specific certificate as defined in the RFC (this requires wrapping the KeyManager to identify the right alias for the specific ALPN protocol).
Once the client has the right certificate, it can contact the CA and download the CA-signed new, or renewed, certificate.
The downloaded certificate can be stored in a KeyStore, and the existing KeyStoreScanner functionality can reload the KeyStore on-the-fly without having to restart the origin server.