Hi,

just to be sure, you don't use and have etc/jetty.xml?

I just tested and it works fine using different password for key and keystore.

Regards
JB

On 27/10/2018 15:11, Leschke, Scott wrote:
> From the example shown under the Configuration heading at
> https://karaf.apache.org/manual/latest/webcontainer, it shows
>
> keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore -storepass karaf1234 -validity 360 -keysize 2048
>
> Now, we can enable and configure the HTTPs connector with
> this keystore in etc/org.ops4j.pax.web.cfg:
>
> org.osgi.service.http.port.secure=8443
> org.osgi.service.http.secure.enabled=true
> org.ops4j.pax.web.ssl.keystore=/path/to/keystore
> org.ops4j.pax.web.ssl.password=foo
> org.ops4j.pax.web.ssl.keypassword=karaf1234
>
> The documentation at:
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
> says
>
> To enable SSL support you must set the following properties:
>
> org.osgi.service.http.secure.enabled to true
>
> org.ops4j.pax.web.ssl.keystore to the path to the
> keystore to be used. If not set the default path ${user.home}/.keystore
> is used.
>
> org.ops4j.pax.web.ssl.password to the password used for
> keystore integrity check. The value can be in plain text or obfuscated
> (starting with OBF:) as described in step 4 of jetty documentation
>
> org.ops4j.pax.web.ssl.keypassword to the password used
> for keystore. The value can be in plain text or obfuscated (starting
> with OBF:) as described in step 4 of jetty documentation
>
> The above would seem to indicate that the opposite of what you say is
> actually true although when I tried setting ...password to the key
> password and ...keypassword to the store password I couldn't get it to
> work. I seem to recall that I tried it the other way around as well and
> that didn't work either.
>
> Ultimately I ended up regenerating my keystore and dropping the key
> password entirely which by default makes the key password the same as
> the store password as far as I understand. I then set both properties
> to the keystore password value which worked.
>
> I don't know why having a key password that differed from the keystore
> password didn't work but that's what I experienced.
>
> Regards,
>
> Scott
>
> -----Original Message-----
> From: Jean-Baptiste Onofré [mailto:j...@nanthrax.net]
> Sent: Friday, October 26, 2018 9:33 PM
> To: user@karaf.apache.org
> Subject: Re: Enabling HTTPS
>
> It's for the server side, so yes password is the keystore password and
> keypassword is the key password.
>
> Regards
> JB
>
> On 26/10/2018 16:02, Leschke, Scott wrote:
> >> After doing some digging, it would appear that both of these properties
> >> need to be set to the keystore password.
> >>
> >> org.ops4j.pax.web.ssl.password
> >>
> >> org.ops4j.pax.web.ssl.keypassword
> >>
> >> I’m still curious about the difference between:
> >>
> >> *org.osgi.service.http.secure.enabled=true*
> >>
> >> and
> >>
> >> *org.osgi.service.https.enabled=true*
> >>
> >> Scott
> >>
> >> *From:* Leschke, Scott [mailto:slesc...@medline.com]
> >> *Sent:* Thursday, October 25, 2018 11:21 AM
> >> *To:* user@karaf.apache.org
> >> *Subject:* RE: Enabling HTTPS
> >>
> >> Actually,
> >>
> >> I saw most of that information at:
> >> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
> >>
> >> It says, Password used for keystore integrity check.
> >>
> >> Where does that pwd come from? The example in the Karaf doc doesn’t
> >> show (it’s foo).
> >>
> >> *From:* Achim Nierbeck <bcanh...@googlemail.com>
> >> *Sent:* Thursday, October 25, 2018 11:09 AM
> >> *To:* user@karaf.apache.org
> >> *Subject:* Re: Enabling HTTPS
> >>
> >> Hi,
> >>
> >> I'm sure you'll find some of your questions answered here:
> >> http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
> >>
> >> regards, Achim
> >>
> >> On Thu, 25 Oct 2018 at 17:59, Leschke, Scott
> >> <slesc...@medline.com <mailto:slesc...@medline.com>> wrote:
> >>
> >> I’m attempting to get https working by following the instructions
> >> at: https://karaf.apache.org/manual/latest/webcontainer
> >>
> >> I’m confused by the setting for *org.ops4j.pax.web.ssl.password*
> >>
> >> What is that intended to be? How is it defined?
> >>
> >> Also, what’s the difference between these:
> >>
> >> *org.osgi.service.http.secure.enabled=true*
> >>
> >> and
> >>
> >> *org.osgi.service.https.enabled=true* ?
> >>
> >> Anyway, I’m getting the following:
> >>
> >> Caused by: java.security.UnrecoverableKeyException: failed to
> >> decrypt safe contents entry: javax.crypto.BadPaddingException: Given
> >> final block not properly padded. Such issues can arise if a bad key
> >> is used during decryption.
> >>
> >> My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
> >>
> >> Scott
> >>
> >> org.osgi.service.http.enabled=false
> >> org.osgi.service.http.port=8181
> >>
> >> org.osgi.service.http.port.secure=8443
> >> org.osgi.service.http.secure.enabled=true
> >> org.osgi.service.https.enabled=true
> >>
> >> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
> >> org.apache.karaf.features.configKey=org.ops4j.pax.web
> >>
> >> org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
> >> org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
> >> org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
> >>
> >> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
> >>
> >> --
> >>
> >> Apache Member
> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
> >> blog <http://notizblog.nierbeck.de/>
> >> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>
> >> Software Architect / Project Manager / Scrum Master
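
The thread turns on which value goes in org.ops4j.pax.web.ssl.password (the keystore password) and which in org.ops4j.pax.web.ssl.keypassword (the key password). The Python below is an added example, not code from Karaf, Pax Web or anyone in the thread: it lints those settings and flags one case where the two values cannot differ, relying on a keytool behaviour the thread does not mention, namely that keytool does not support a key password different from the store password for PKCS12 keystores (the default keystore type since Java 9). The function names and sample values are assumptions made for illustration.

```python
import os
P = "org.ops4j.pax.web.ssl."
# Added example with a constructed sample; both passwords are made-up values.
SAMPLE = """\
org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=/path/to/keystore
org.ops4j.pax.web.ssl.password=storeSecret
org.ops4j.pax.web.ssl.keypassword=keySecret
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def keystore_type(head):
    """Guess the keystore format from its leading bytes."""
    if head[:4] == b"\xfe\xed\xfe\xed":
        return "JKS"
    if head[:4] == b"\xce\xce\xce\xce":
        return "JCEKS"
    if head[:1] == b"\x30":  # DER SEQUENCE tag, how a PKCS#12 file begins
        return "PKCS12"
    return "unknown"

def lint(text, head=None):
    """Return findings; `head` overrides reading the keystore file's first bytes."""
    props = parse_cfg(text)
    if props.get("org.osgi.service.http.secure.enabled", "").lower() != "true":
        return ["org.osgi.service.http.secure.enabled is not true"]
    findings = [f"{P}{k} is not set" for k in ("password", "keypassword")
                if not props.get(P + k)]
    path = props.get(P + "keystore")
    if not path:
        findings.append(P + "keystore is not set; default is ${user.home}/.keystore")
    elif head is None and os.path.isfile(path):
        with open(path, "rb") as fh:
            head = fh.read(4)
    store, key = props.get(P + "password"), props.get(P + "keypassword")
    # keytool gives PKCS12 key entries the store password, so differing values cannot both be right.
    if store and key and store != key and head and keystore_type(head) == "PKCS12":
        findings.append("PKCS12 keystore but store and key passwords differ")
    return findings
```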