Good day,

I want to set up GeoServer 2.10.2 with SSL and a CA certificate on CentOS 7.
I went through all the config steps but keep getting:
...
java.io.IOException: Keystore was tampered with, or password was incorrect
...
...
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
        ... 30 more

I'm pretty sure that the password is correct, so the problem must be elsewhere...

These are the steps I took:


  1.  Made a PKCS12 file from a KEY and a CRT file:
openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12

  2.  Put the PKCS in the keystore:
# keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
Enter destination keystore password: <abc123>
Re-enter new password: <abc123>
Enter source keystore password: <correctpassword>
Entry for alias 1 successfully imported.
Entry for alias le-30311f8f-1100-46ef-afc7-a83bec2806e2 successfully imported.
Import command completed:  2 entries successfully imported, 0 entries failed or cancelled

  3.  Enabled SSL in server.ini:
# java -jar start.jar --add-to-start=ssl
INFO: ssl             initialised in ${jetty.base}/start.ini
INFO: ssl             enabled in     ${jetty.base}/start.ini
INFO: ssl             enabled in     <transitive>
INFO: server          initialised in ${jetty.base}/start.ini
INFO: server          enabled in     ${jetty.base}/start.ini
INFO: server          enabled in     <transitive>
INFO: resources       initialised in ${jetty.base}/start.ini
INFO: resources       enabled in     ${jetty.base}/start.ini
INFO: resources       enabled in     <transitive>

  4.  Obfuscate password abc123:
# java -cp jetty-util-9.2.13.v20150730.jar org.eclipse.jetty.util.security.Password abc123
2017-08-24 16:23:47.147:INFO::main: Logging initialized @107ms
abc123
OBF:1igd1igf1igh1idp1idr1idt
MD5:e99a18c428cb38d5f260853678922e03

  5.  Edit jetty-ssl.xml:
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property 
name="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" 
default=" OBF:1igd1igf1igh1idp1idr1idt
"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" 
default=" OBF:1igd1igf1igh1idp1idr1idt"/></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="." 
/>/<Property name="jetty.truststore" default="etc/keystore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" 
default=" OBF:1igd1igf1igh1idp1idr1idt"/></Set>

  6.  Start GeoServer via startup.sh, but no go.
  7.  Check password in keystore:


root@datalab [/opt/geoserver/geoserver-2.10.2]# keytool -list -keystore /root/certificaat/keystore
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

1, Aug 24, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 
##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
le-3476114f-1100-46ef-afc7-a83bec2806e2, Aug 24, 2017, PrivateKeyEntry,
Certificate fingerprint (SHA1): 
##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##:##
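
Added example, not part of the original message and not Jetty's own code: a Python reimplementation of the OBF: scheme that reproduces the value from the obfuscation step above and reports which string would end up as the keystore password for the default="..." values as they appear in the posted jetty-ssl.xml. It covers ASCII passwords only, and it assumes the attribute value reaches Jetty's Password class untrimmed and is decoded only when it starts with exactly "OBF:"; the function names are hypothetical.

```python
# Added example (not Jetty's code): OBF: scheme reimplemented for ASCII passwords.
OBF_PREFIX = "OBF:"
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"

def _base36(n):
    """Four-digit, zero-padded base-36 form of n."""
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out.rjust(4, "0")

def obfuscate(password):
    """Each byte is combined with its mirror byte from the other end."""
    b = password.encode("ascii")
    quads = []
    for i, b1 in enumerate(b):
        b2 = b[len(b) - 1 - i]
        quads.append(_base36((127 + b1 + b2) * 256 + (127 + b1 - b2)))
    return OBF_PREFIX + "".join(quads)

def deobfuscate(value):
    body = value[len(OBF_PREFIX):] if value.startswith(OBF_PREFIX) else value
    out = bytearray()
    for i in range(0, len(body), 4):
        i1, i2 = divmod(int(body[i:i + 4], 36), 256)
        out.append((i1 + i2 - 254) // 2)
    return out.decode("ascii")

def effective_password(configured):
    """Assumption: decoding happens only if the value starts with 'OBF:'."""
    value = configured
    while value.startswith(OBF_PREFIX):
        value = deobfuscate(value)
    return value

def check(configured, expected):
    if effective_password(configured) == expected:
        return "ok"
    trimmed = configured.strip()
    if trimmed != configured and effective_password(trimmed) == expected:
        return "whitespace around the OBF: value, so it is used literally"
    return "decodes to a different password"

if __name__ == "__main__":
    # default="..." values as they appear in the posted jetty-ssl.xml
    obf = "OBF:1igd1igf1igh1idp1idr1idt"
    for cfg in (" " + obf + "\n", " " + obf, obf):
        print(repr(cfg), "->", check(cfg, "abc123"))
```

Because OBF: is a reversible encoding rather than encryption, the file holding it needs the same permissions a plaintext password would.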


