Sonatype Nexus 3 HTTPS step by step?

Hi there. Dear friends, please help configure Nexus with using Https proxy? Can’t understand how i can seting my nginx or apache for Nexus for working from 80 to 443 port? Now our Nexus server work on 80 port and haven’t and apache or nginx. I seen many man’s about this, but can’t totally understand…

Maybe anybody can a little step by step tell my how i can simple configure https with Nexus?

I found this SSL on Nexus 3 - Coveros, but stil can’t install, don’t working… (((

So thx!!! :sunglasses:

It will be helpful for me too I have to configure https with Nexus?

Most often I answer questions to myself:

IMPORTANT NOTE: the proprietary PEM format isn’t super compatible with the keytool command.You can’t take a cert/private key PEM keystore and go directly to a jks keystore, the “keytool” tool will drop the private key. To get around this, you have to convert the “pem” keystore to an intermediary “pkcs12” format first, before converting a second time to the JKS format.

6a) If you are given a PEM formatted Certificate(cert.pem) that includes a private key, run the following openssl command on powershell:

i) $ openssl pkcs12 -export -out certificate.pkcs12 -in cert.pem

ii) Continue to step 7

6b**)** If you are given a PCKS12 formatted cert that includes a private key, your certificate is already in a keystore that is compatible with the java keytool command, continue to step 7

6c) If you are given a PFX formatted cert(certificate.pfx) that includes a private key, this is actually the same format as pkcs12, so you can just continue to step 7

6d) If you are given a Certificate(cert.crt) and Private key(private.key) separately, run the following openssl command on Powershell yo combine them insto a pkcs12 keystore:

i) $ openssl pkcs12 -export -out certificate.pkcs12 -inkey private.key -in cert.crt

ii) Continue to step 7

7) Plug your certificate (certificate.pkcs12 or certificate.pfx) into a java keystore named keystore.jks at /nexus-/etc/ssl/keystore.jks, using the following keytool command:

$ keytool -v -importkeystore -srckeystore certificate.pkcs12 -srcstoretype PKCS12 -destkeystore /nexus-/etc/ssl/keystore.jks -deststoretype JKS

NOTE: Generate and import your PCKS12 certificate into a keystore that uses the SAME password as your certificate.

7)Edit, located at /sonatype-work/nexus3/etc:

  1. a) add a property in a new line:


  1. b) uncomment the line starting with “nexus-args” and add “,${jetty.etc}/jetty-https.xml” (without the quotes) to the end of that line

8) Edit /nexus-/etc/jetty/https-config.xml

  1. a) Change “password” to whatever your certificate’s password was, this needs to be changed in 3 places.

9) Start “nexus” Service

nexus.exe /start

And sure, you can export from: keytool -v -importkeystore -srckeystore certificate.p12 -srcstoretype PKCS12 -destkeystore /nexus-/etc/ssl/keystore.jks -deststoretype JKS