Unable to setup SSL for Nexus



Unable to setup SSL for nexus-3.3.2-02, found nexus-default.properties and /sonartype/nexus3/etc/nexus.properties.
Would like to know where to update the application ssl port=10001 because i see all lines are commented in /sonartype/nexus3/etc/nexus.properties but not in nexus-default.properties.

I googled for ssl setup by updating application-port-ssl=8443 in both /sonartype/nexus3/etc/nexus.properties and nexus-default.properties
Next step created jks file in /nexus-3.3.2-02/etc/ssl and have updated /nexus-3.3.2-02/etc/jetty/jetty-https.xml to the keystore path absolute path

Final step added the jetty-https.xml in nexus-default.properties as below

Then did a restart of nexus but unable to access the nexus on HTTP and HTTPS port.After revert the above changes able to access nexus on HTTP port

Need help


See here:


Also, I would strongly recommend upgrading this instance… 3.3.2 is very old. The current version is 3.16.2.


Thanks for reply Rich Seddon,

But here i found there are no directories inside the <nexus_install>/sonatype-work/nexus3/etc except logback directory and nexus.properties file
where as found logback,fabric,jetty,karaf, ssl directories and nexus-default.properties file inside <nexus_install>/nexus-3.3.2-02/etc.
As per given link to update nexus.properties
Please suggest which file to use either nexus.properties file from sonatype-work/nexus3/etc or nexus-default.properties file inside <nexus_install>/nexus-3.3.2-02/etc
Also noticed the lines are commented in nexus.properties but not same in nexus-default.properties as shown below

Jetty section





Nexus section




please help what to update in nexus.properties file.



Can anyone help me to reply on this thread



Have you considered setting up a reverse-proxy, probably using nginx. You would be able to setup SSL comfortably using that.

Karan Kaushik


Hi Kaushik,

We are not using reverse-proxy and when i completed all the changes mentioned in link shared in previous update but still no luck



Oh that seems like a personal choice then i guess
But is there any particular reason why you aren’t opting for reverse proxy?