Re: [jetty-users] Getting SSL working

Hi,

On Wed, Jan 18, 2017 at 7:44 PM, John English <john.foreign@xxxxxxxxx> wrote:
> Further enquiries suggest I haven't got the private key in the keystore.

Yep.

> I have two files from letsencrypt.org: fullchain.pem and privkey.pem. I have
> followed the instructions in the Jetty docs at
> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#loading-keys-and-certificates-via-pkcks12:

I used basically the same commands to set up https://webtide.com, which
is served by Jetty (that also offloads TLS).
Differences inline.

> 1) openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert.p12
> -name foo.ddns.net

I first cat together the fullchain and the privkey and then imported
only one file.
Also, I did not use the -name option. Do you really need it?

> 2) rm keystore.test
>
> 3) keytool -importkeystore -destkeystore keystore.test -srckeystore cert.p12
> -srcstoretype PKCS12 -srcstorepass x -alias foo.ddns.net

Here too, I did not use the -alias option.

> The server then fails to start (java.security.UnrecoverableKeyException:
> Cannot recover key).

Are passwords correct?

> Looking at the keystore with keytool, it says this:
>
> Your keystore contains 1 entry
> foo.ddns.net, Jan 18, 2017, PrivateKeyEntry
>
> The examples I've seen suggest I should end up with 2 entries (a
> PrivateKeyEntry and a trustedCertEntry). Can anyone tell me what I'm doing
> wrong?

Not sure. Would you mind trying to follow the documentation exactly, to see if it works?

-- 
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
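
A pre-flight check for the two questions raised in this thread (is the private key actually in the store, and does the password open it), added here as an example that is not part of the original messages. It concatenates chain and key into one file before the PKCS12 export, as the reply describes, and verifies the result with openssl before any keytool import; the self-signed certificate, temporary directory and function names are constructed stand-ins, and `x` is the store password shown in the thread.

```sh
#!/bin/sh
# Added example. The self-signed cert, temp directory and function names are
# constructed stand-ins; "x" is the store password shown in the thread.
set -u

# Throwaway key + self-signed cert standing in for privkey.pem / fullchain.pem.
make_sample() {  # $1 = directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=foo.ddns.net" \
    -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# True only if the first cert in $1 carries the public key of private key $2.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Concatenate chain and key, then export that single file as PKCS12.
# "pass:" shows the password in the process list; prefer "file:" or "env:"
# outside a demo.
build_p12() {  # $1 = directory, $2 = store password
  cat "$1/fullchain.pem" "$1/privkey.pem" > "$1/combined.pem" &&
    openssl pkcs12 -export -in "$1/combined.pem" -out "$1/cert.p12" \
      -passout "pass:$2"
}

# True only if password $2 opens PKCS12 file $1 and a private key is inside.
p12_has_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q "PRIVATE KEY"
}

demo() {
  umask 077  # combined.pem and cert.p12 hold the private key
  d=$(mktemp -d) || return 1
  if make_sample "$d" && key_matches_cert "$d/fullchain.pem" "$d/privkey.pem" &&
     build_p12 "$d" x && p12_has_key "$d/cert.p12" x; then
    echo "OK: key matches certificate and is present in cert.p12"; rc=0
  else
    echo "FAIL: fix the PEM inputs or the password before the keytool import"; rc=1
  fi
  rm -rf "$d"
  return "$rc"
}
demo
```

With real Let's Encrypt files, skip `make_sample` and point the other functions at the directory holding `fullchain.pem` and `privkey.pem`.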
