Re: [jetty-users] Keystore Problems
Thanks Simone, I will give Keystore Explorer a try and report back.
What I really want is quite simple: a series of commands that will take as input a private key, a new SSL certificate, and a series of intermediate/CA certificates and create a PKCS12 keystore that Jetty can use.
All permutations, combinations, and attempts thus far over several days result in a keystore that throws the UnrecoverableKeyException.
Those attempts include: starting with a key that has/does not have a password, including/not including the key at the beginning of the file containing the SSL certificate and intermediate certificates, starting by creating a JKS keystore then converting it to PKCS12, starting by creating a PKCS12 keystore directly, adding/modifying a keystore password after creating the PKCS12 keystore, and probably several more I forgot. This morning's attempts involved cutting and pasting example commands directly from the Jetty documentation, then modifying the specifics.
One would expect that even though I apparently got on a slow horse, I would eventually stumble into some combination that would work, but it seems quite elusive.
Information Security Office
California State University, Chico
From: jetty-users-bounces@xxxxxxxxxxx <jetty-users-bounces@xxxxxxxxxxx> on behalf of Simone Bordet <sbordet@xxxxxxxxxxx>
Sent: Tuesday, May 26, 2020 11:18 AM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] Keystore Problems
On Tue, May 26, 2020 at 8:07 PM David C Fuhs <dfuhs@xxxxxxxxxxxx> wrote:
> To generate the private key:
> openssl genrsa 4096 > new_host.key
> To combine the SSL certificate plus CA certificates into one file:
> cat ssl_cert interm_certs > combined_certs
> Results in a file with the SSL certificate first, followed by the intermediate certificates, with the root CA certificate last in the file.
> Stack traces follow, the first is using the JKS version of the keystore, the second with the PKCS12 version of the keystore.
Can you open the keyStores using:
If you cannot, then the keyStores are wrong.
There is no need to use the JKS format anymore, keep the keyStores in PKCS12.
Make sure that you are using a keyStore password only (not a
keyManager password), unless you really want to.
If you have a keyManager password, then you have to configure Jetty with it.
Developer advice, training, services and support
from the Jetty & CometD experts.
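The procedure asked for in this thread, as an added example that is not from either poster or from the Jetty documentation: build a PKCS12 keystore from a key, a certificate and intermediate certificates under a single password, then check that the store opens and the key decrypts with that same password. It assumes the `openssl` CLI is on the PATH; the file names, the alias `jetty`, the password `changeit` and the throwaway self-signed certificates are constructed placeholders.

```shell
#!/bin/sh
# Added example. File names, alias "jetty" and password are constructed.

# build_p12 KEY LEAF_CERT CHAIN_CERTS OUT PASSWORD
# One password protects both the store and the key entry; openssl refuses
# to export when LEAF_CERT does not match KEY.
build_p12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name jetty -out "$4" -passout "pass:$5" 2>/dev/null
}

# p12_opens FILE PASSWORD: succeeds only if the store MAC verifies.
p12_opens() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# p12_has_key FILE PASSWORD: succeeds if the private key decrypts.
p12_has_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# p12_cert_count FILE PASSWORD: prints the number of stored certificates.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# make_sample DIR: constructed throwaway keys and self-signed certificates
# standing in for the host key/cert, an intermediate, and an unrelated key.
make_sample() {
    for n in host interm other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
}

# Demo run on the constructed inputs.
tmp=$(mktemp -d) && make_sample "$tmp" &&
    build_p12 "$tmp/host.key" "$tmp/host.crt" "$tmp/interm.crt" \
        "$tmp/ks.p12" changeit &&
    p12_opens "$tmp/ks.p12" changeit && p12_has_key "$tmp/ks.p12" changeit &&
    echo "keystore OK, certs: $(p12_cert_count "$tmp/ks.p12" changeit)"
```

If `p12_opens` or `p12_has_key` fails for the password Jetty is configured with, the keystore itself is the problem rather than the Jetty configuration.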