Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Getting SSL working

On 17/01/2017 19:57, Brian Reichert wrote:
On Tue, Jan 17, 2017 at 07:27:57PM +0200, John English wrote:
If your server is indeed serving the certificate you expect, then
your config is OK, but now you get to track down what your SSL issue
is, and that's not specific to jetty.

Further enquiries suggest I haven't got the private key in the keystore. I have two files from fullchain.pem and privkey.pem. I have followed the instructions in the Jetty docs at

1) openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert.p12 -name

2) rm keystore.test

3) keytool -importkeystore -destkeystore keystore.test -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass x -alias

The server then fails to start ( Cannot recover key).

Looking at the keystore with keytool, it says this:

Your keystore contains 1 entry, Jan 18, 2017, PrivateKeyEntry

The examples I've seen suggest I should end up with 2 entries (a PrivateKeyEntry and a trustedCertEntry). Can anyone tell me what I'm doing wrong?

John English

Back to the top