Re: [jetty-users] Getting SSL working


On Wed, Jan 18, 2017 at 7:44 PM, John English <john.foreign@xxxxxxxxx> wrote:
> Further enquiries suggest I haven't got the private key in the keystore.


> I have two files from fullchain.pem and privkey.pem. I have
> followed the instructions in the Jetty docs at

I used basically the same commands to set up, which
is served by Jetty (that also offloads TLS).
Differences inline.

> 1) openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert.p12
> -name

I first cat together the fullchain and the privkey and then imported
only one file.
Also, I did not use the -name option. Do you really need it?

> 2) rm keystore.test
> 3) keytool -importkeystore -destkeystore keystore.test -srckeystore cert.p12
> -srcstoretype PKCS12 -srcstorepass x -alias

Here too, I did not use the -alias option.

> The server then fails to start (
> Cannot recover key).

Are passwords correct?

> Looking at the keystore with keytool, it says this:
> Your keystore contains 1 entry
>, Jan 18, 2017, PrivateKeyEntry
> The examples I've seen suggest I should end up with 2 entries (a
> PrivateKeyEntry and a trustedCertEntry). Can anyone tell me what I'm doing
> wrong?

Not sure. Mind trying to follow the documentation exactly, and see if it works?

Simone Bordet
Developer advice, training, services and support
from the Jetty & CometD experts.
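
Added example (not part of the original messages, and not Jetty project code): a shell check that the PKCS12 bundle produced by step 1 opens with the given password and carries the private key matching the certificate, the two points raised in this thread. The key, certificate, alias `demo` and passwords are constructed for the demonstration; only the `openssl` CLI is assumed.

```shell
#!/bin/sh
# Added example. All file contents, the alias and the passwords are constructed.

# Return 0 only if PKCS12 file $1 opens with password $2 and contains a
# private key whose public half equals that of the first cert in PEM file $3.
p12_key_matches_cert() {
    key_pub=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null |
              openssl pkey -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Build throwaway inputs in directory $1: a self-signed cert standing in for
# fullchain.pem, its key as privkey.pem, then step 1 of the thread (cert.p12)
# and, for contrast, a bundle exported without the key (nokey.p12).
make_demo_bundles() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
          -keyout privkey.pem -out fullchain.pem 2>/dev/null &&
      openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem \
          -out cert.p12 -name demo -passout "pass:$2" &&
      openssl pkcs12 -export -nokeys -in fullchain.pem \
          -out nokey.p12 -passout "pass:$2" )
}

# Print a one-word verdict for bundle $1 (password $2, cert $3).
verdict() {
    if p12_key_matches_cert "$1" "$2" "$3"; then echo OK; else echo BAD; fi
}

dir=$(mktemp -d) && make_demo_bundles "$dir" demo-pass-123 || exit 1
echo "cert.p12, right password: $(verdict "$dir/cert.p12" demo-pass-123 "$dir/fullchain.pem")"
echo "cert.p12, wrong password: $(verdict "$dir/cert.p12" wrong-pass "$dir/fullchain.pem")"
echo "nokey.p12:                $(verdict "$dir/nokey.p12" demo-pass-123 "$dir/fullchain.pem")"
rm -rf "$dir"
```

Running the same function against a real cert.p12 before the keytool import separates a bundle problem (missing key, wrong password) from a problem introduced later in the keystore or server configuration.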