[jetty-users] Importing PKCS12 into java keystore

Hi Team

 

We are trying to import a PKCS12 file into a Java keystore whose password is different from the PKCS12 file's password:

 

Keytool command : keytool -importkeystore -srckeystore server.pkcs12 -srcstoretype PKCS12 -destkeystore keystore

 

In this case, how do we specify the keystore password and the private-key-entry password in jetty-ssl.xml?

jetty-ssl.xml is attached here

 

jetty version used: 9.3.10.v20160621

Apache-karaf: 3.0.7

 

With Java keystores, is it mandatory for the private-key-entry password to be the same as the keystore password?

 

Thanks in advance

 

Regards

Vikram

 

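<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">

<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml or jetty-http2.xml -->
<!-- ============================================================= -->
<!-- Adds one ServerConnector to the server. The connector is -->
<!-- built with an SslContextFactory that carries a keystore, a -->
<!-- truststore, mandatory client certificates and a cipher suite -->
<!-- exclusion list. -->
<!-- ============================================================= -->

<Configure id="server" class="org.eclipse.jetty.server.Server">

    <!-- =========================================================== -->
    <!-- Set connectors -->
    <!-- =========================================================== -->
    <!-- One of each type! -->
    <!-- =========================================================== -->

    <Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.ServerConnector">
                <Arg name="server">
                    <Ref refid="server" />
                </Arg>
                <Arg>
                    <New class="org.eclipse.jetty.util.ssl.SslContextFactory">
                        <!-- Keystore holding the server certificate and its private key. -->
                        <Set name="keyStorePath">
                            <Property name="jetty.sslContext.keyStorePath"
                                deprecated="jetty.keystore"
                                default="etc/configuration/ssl/keystore" />
                        </Set>
                        <!-- Password that opens the keystore file itself.
                             An OBF: value is reversible obfuscation, not encryption:
                             anyone who can read this file can recover the password.
                             Restrict read access to this file and supply the real value
                             through the jetty.sslContext.keyStorePassword property
                             instead of relying on the default written here. -->
                        <Set name="keyStorePassword">
                            <Property
                                name="jetty.sslContext.keyStorePassword"
                                deprecated="jetty.keystore.password"
                                default="OBF:1igd1iup1m841ri71m4a1irx1idt" />
                        </Set>
                        <!-- keyManagerPassword is the password of the private key entry
                             inside the keystore. It is disabled here, so no separate key
                             entry password is configured. Enable it when the key entry
                             password differs from keyStorePassword.
                             The Property below has no name attribute, so only its default
                             could ever apply.
                             NOTE(review): stock Jetty 9.3 configuration uses
                             jetty.sslContext.keyManagerPassword for this setting; confirm
                             and add the name before enabling. -->
                        <!--Set name="keyManagerPassword">
                            <Property
                                default="OBF:194s194u194w194y" />
                        </Set-->
                        <!-- Truststore holding the CA certificates used to validate
                             client certificates. -->
                        <Set name="trustStorePath">
                            <Property name="jetty.sslContext.trustStorePath"
                                deprecated="jetty.truststore"
                                default="etc/configuration/ssl/truststore" />
                        </Set>
                        <!-- The default below is the same obfuscated string as the
                             keyStorePassword default, so both stores share one password
                             unless a property overrides it. -->
                        <Set name="trustStorePassword">
                            <Property
                                name="jetty.sslContext.trustStorePassword"
                                deprecated="jetty.truststore.password"
                                default="OBF:1igd1iup1m841ri71m4a1irx1idt" />
                        </Set>
                        <!-- true makes the client certificate mandatory: the handshake is
                             refused unless the client presents a certificate that
                             validates against the truststore configured above. -->
                        <Set name="needClientAuth">
                            <Property name="jetty.sslContext.needClientAuth"
                                deprecated="jetty.ssl.needClientAuth"
                                default="true" />
                        </Set>
                        <!-- Set replaces the whole exclusion list rather than extending
                             it. This list names only single DES and export grade suites.
                             NOTE(review): presumably this also discards any exclusions
                             SslContextFactory applies by default in this Jetty version;
                             review the effective enabled suites after startup.
                             Each Item is kept on one line so that no line break or
                             indentation becomes part of the suite name. -->
                        <Set name="excludeCipherSuites">
                            <Array type="java.lang.String">
                                <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
                                <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
                                <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
                                <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
                                <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                                <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
                                <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
                            </Array>
                        </Set>
                    </New>
                </Arg>
                <!-- No default: the host is set only from the property value. -->
                <Set name="host">
                    <Property name="jetty.ssl.host" deprecated="jetty.host" />
                </Set>
                <!-- Unlike the other settings, the port is read from a JVM system
                     property (SystemProperty), not a Jetty property. -->
                <Set name="port">
                    <SystemProperty name="jetty.auth.ssl.port" deprecated="ssl.port"
                        default="9443" />
                </Set>
                <Set name="idleTimeout">
                    <Property name="jetty.ssl.idleTimeout"
                        deprecated="ssl.timeout" default="30000" />
                </Set>
            </New>
        </Arg>
    </Call>
</Configure>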

