// seems to assume same password is used for keystore as well as certificate.
// if keystore file name ends with "12", it's assumed to be in PKCS12 format.
static SSLServerSocketFactory makeSSLServerSocketFactory(File keystoreFile, S passphrase) ctex {
  KeyStore keystore = KeyStore.getInstance(
      endsWith(fileName(keystoreFile), "12") ? "PKCS12"
      : KeyStore.getDefaultType());
  temp InputStream keystoreStream = new FileInputStream(keystoreFile);
  keystore.load(keystoreStream, passphrase.toCharArray());
  TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  trustManagerFactory.init(keystore);
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  keyManagerFactory.init(keystore, passphrase.toCharArray());
  SSLContext ctx = SSLContext.getInstance("TLS");
  ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
  ret ctx.getServerSocketFactory();
}