Hi Nikolaos,

On 06/07/2022 11:04, Nikolaos Beredimas wrote:
While trying to get Fuseki running over https I found this thread from
February
https://jena.markmail.org/message/2kqpd2tlinpdzpna?q=ssl+order:date-backward&page=1

1. I can confirm the provided xml works (tested on Fuseki 4.5.0)

Thanks for confirming that.


2. I am having some issues generating the needed pkcs12 certificate file.

a. When trying to generate a password-less pkcs12 file (openssl ...
-passout pass:) Fuseki doesn't complain when loading it, but I always get
SSL handshake errors and it doesn't work.

It is Jetty that is handling the certificate via the JDK.

Mentions like

https://stackoverflow.com/questions/58345405/how-to-use-non-password-protected-p12-ssl-certificate-in-spring-boot

(which is nearly 3 years old)

suggest a password was needed at some time in the past. Current Jetty documentation does not mention it one way or the other.

b. When trying to generate with a password I get mixed results:
OpenSSL 1.1.1f  31 Mar 2020 running on WSL2 Ubuntu 20.04 works fine. Fuseki
loads the certificate and works like a charm.
However, if I use OpenSSL 1.1.1o  3 May 2022 (running on
docker-linuxserver/docker-swag:latest) I get a strange exception stacktrace:

java.io.IOException: keystore password was incorrect
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) ~[?:?]
at sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source) ~[?:?]
at java.security.KeyStore.load(Unknown Source) ~[?:?]
at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:49) ~[fuseki-server.jar:4.5.0]
...
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
... 28 more

I'm afraid I don't know what that indicates.



I would appreciate any input to pinpoint and solve either or both of the issues above.

We'd be interested in hearing what you find out.


Regards,
Nikolaos Beredimas
