Re: [jetty-users] Getting SSL working

On 17/01/2017 19:57, Brian Reichert wrote:
> On Tue, Jan 17, 2017 at 07:27:57PM +0200, John English wrote:
> If your server is indeed serving the certificate you expect, then
> your config is OK, but now you get to track down what your SSL issue
> is, and that's not specific to jetty.

Further enquiries suggest I haven't got the private key in the keystore. I have two files from letsencrypt.org: fullchain.pem and privkey.pem. I have followed the instructions in the Jetty docs at http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#loading-keys-and-certificates-via-pkcks12:

1) openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert.p12 -name foo.ddns.net

2) rm keystore.test

3) keytool -importkeystore -destkeystore keystore.test -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass x -alias foo.ddns.net

The server then fails to start (java.security.UnrecoverableKeyException: Cannot recover key).

Looking at the keystore with keytool, it says this:

Your keystore contains 1 entry
foo.ddns.net, Jan 18, 2017, PrivateKeyEntry

The examples I've seen suggest I should end up with 2 entries (a PrivateKeyEntry and a trustedCertEntry). Can anyone tell me what I'm doing wrong?

Thanks,
--
John English
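
A check that can be run on a PKCS12 file before it is imported into a Java keystore, as an added example that is not part of the original post or of the Jetty documentation: it builds a throwaway self-signed key and certificate (constructed names and password, standing in for privkey.pem and fullchain.pem), exports them with the same `openssl pkcs12 -export` form as step 1, and confirms that the file decrypts and holds a private key matching its certificate.

```shell
#!/bin/sh
# Added example. The directory, CN/alias and password are constructed values.

# make_test_p12 DIR PASS
# Create a throwaway key and self-signed certificate in DIR, then export
# them to DIR/cert.p12 protected with PASS (same form as step 1 above).
make_test_p12() {
    dir=$1; pass=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=foo.example.test" \
        -keyout "$dir/privkey.pem" -out "$dir/fullchain.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$dir/fullchain.pem" -inkey "$dir/privkey.pem" \
        -out "$dir/cert.p12" -name foo.example.test -passout "pass:$pass"
}

# p12_key_matches_cert P12 PASS
# Succeeds only if P12 decrypts with PASS, contains a private key, and the
# public half of that key equals the public key in the leaf certificate.
p12_key_matches_cert() {
    p12=$1; pass=$2
    # Public key derived from the private key stored in the PKCS12 file.
    key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
                  2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
    # Public key taken from the certificate bound to that key.
    cert_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts \
                   2>/dev/null | openssl x509 -pubkey -noout 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Stand-alone demonstration on constructed material.
demo_dir=$(mktemp -d)
if make_test_p12 "$demo_dir" "changeit-example" &&
   p12_key_matches_cert "$demo_dir/cert.p12" "changeit-example"; then
    echo "cert.p12: private key present and matches certificate"
else
    echo "cert.p12: key missing, wrong password, or key/certificate mismatch"
fi
rm -rf "$demo_dir"
```

`p12_key_matches_cert` can be pointed at an existing cert.p12 together with its export password.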

