SSL Help Please

root · ‎2018-02-10

Hello:
I generated a new SSL certificate from CA. It was delievered as .pem file. I converted it to .der file (so that it can be imported into jks)

openssl x509 -outform der -in mycertificate.pem -out mycertificate.der

I used following command to import the certificate into a new keystore:

keytool -import -alias push -keystore mykeystore.jks -file mycertificate.der

When I see the contents of the jks file, I see my imported certificate correctly:

keytool -keystore mykeystore.jks -list

Now, I edited the <karaf container>/etc/org.ops4j.pax.web.cfg

org.osgi.service.http.port=8040
org.osgi.service.http.port.secure=9001
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=/path_to_mykeystore.jks
org.ops4j.pax.web.ssl.keypassword=<my keystore password>

I restarted the container. When I am accessing the web console at:
https://<mydomain>:9001/system/console nothing shows up. I see that 9001 port is not listening on my side. What am I doing wrong here?

Also, I am not seeing any logs in Runtime container logs.

Thanks in advance.

root · ‎2018-02-12

Turns out I did not import the private key in the keystore.

I ended up with:
openssl pkcs12 -export -inkey privkey.pem -in fullchain.pem -name push -out push.p12

keytool -importkeystore -srckeystore push.p12 -srcstoretype pkcs12 -destkeystore push.jks

After that, it worked. However, I am still trying to figure out how to get my REST service is HTTPS enabled.

David_Beaty · ‎2020-09-22

Hi @Calvin Plumberg

I'd strongly suggest using an Open Source app "KeyStore Explorer" that makes it all so much easier.

Thanks

Other

REST

v6.x