Re: SSL with Karaf

Tue, 05 Feb 2019 21:22:29 -0800 

Hi,

Just tested on Karaf 4.2.2 and I confirmed that it works well on Firefox
and Chrome according to the JB's blog post ;)

Regards,

François Papon
fpa...@apache.org

Le 06/02/2019 à 09:02, Jean-Baptiste Onofré a écrit :
> Hi Scott,
>
> I did a blog while ago about SSL with Karaf:
>
> http://blog.nanthrax.net/?p=316
>
>
> This config should work straigh forward:
>
> org.osgi.service.http.port=8181
> org.osgi.service.http.port.secure=8443
> org.osgi.service.http.secure.enabled=true
> org.ops4j.pax.web.ssl.keystore=./etc/keystores/keystore.jks
> org.ops4j.pax.web.ssl.password=password
> org.ops4j.pax.web.ssl.keypassword=password
>
> It seems this is SSL version issue with the browser. Did you try with
> another client like curl ?
> I will try with latest chrome version. I keep you posted.
>
> Regards
> JB
>
> On 05/02/2019 22:51, Leschke, Scott wrote:
>> I’m trying to get HTTPS working with Karaf and I’m looking at the
>> following page:  https://karaf.apache.org/manual/latest/webcontainer
>>
>>  
>>
>> I created a keystore using the following command:
>>
>> keytool –genkey –alias myapp -storetype pkcs12 –keystore .keystore.p12
>>
>>  
>>
>> I’m using the following org.ops4j.pax.web.cfg file
>>
>>  
>>
>> org.osgi.service.http.port=8181
>>
>> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
>>
>> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
>>
>> org.apache.karaf.features.configKey = org.ops4j.pax.web
>>
>>  
>>
>> org.osgi.service.http.enabled=false
>>
>> org.osgi.service.https.enabled=true
>>
>> org.osgi.service.http.port.secure=8443
>>
>> org.osgi.service.http.secure.enabled=true
>>
>>  
>>
>> org.ops4j.pax.web.ssl.keystore=${karaf.home}/../.keystore.p12
>>
>> org.ops4j.pax.web.ssl.password= MYSTOREPWD
>>
>> org.ops4j.pax.web.ssl.keypassword=MYSTOREPWD
>>
>>  
>>
>>  
>>
>> It seems that no matter what I try the browser (Chrome) gives me the
>> following.  I’ve tried various things I’ve found online but to no avail.
>>
>> Anybody have recommendations?
>>
>>  
>>
>> This site can’t provide a secure connection
>>
>> *mysrv1* uses an unsupported protocol.
>>
>> ERR_SSL_VERSION_OR_CIPHER_MISMATCH
>>
>> Hide details
>>
>> *Unsupported protocol*
>>
>> The client and server don't support a common SSL protocol version or
>> cipher suite.
>>
>>  
>>

Reply via email to