SSL Help Please

Hello:
I generated a new SSL certificate from a CA. It was delivered as a .pem file. I converted it to a .der file (so that it can be imported into a jks):

openssl x509 -outform der -in mycertificate.pem -out mycertificate.der


I used the following command to import the certificate into a new keystore:

keytool -import -alias push -keystore mykeystore.jks -file mycertificate.der



When I see the contents of the jks file, I see my imported certificate correctly:

keytool -keystore mykeystore.jks -list



Now, I edited the <karaf container>/etc/org.ops4j.pax.web.cfg

org.osgi.service.http.port=8040
org.osgi.service.http.port.secure=9001
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=/path_to_mykeystore.jks
org.ops4j.pax.web.ssl.keypassword=<my keystore password>


I restarted the container. When I am accessing the web console at:
https://<mydomain>:9001/system/console nothing shows up. I see that 9001 port is not listening on my side. What am I doing wrong here?

 

Also, I am not seeing any logs in Runtime container logs.

Thanks in advance.

Re: SSL Help Please

Turns out I did not import the private key in the keystore.

I ended up with:
openssl pkcs12 -export -inkey privkey.pem -in fullchain.pem -name push -out push.p12

keytool -importkeystore -srckeystore push.p12 -srcstoretype pkcs12 -destkeystore push.jks

After that, it worked. However, I am still trying to figure out how to get my REST service HTTPS enabled.
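
The cause found in the reply can be checked from the `keytool -list` output before restarting the container: an alias imported with `keytool -import` from a certificate file alone is listed as `trustedCertEntry`, while an HTTPS listener needs a `PrivateKeyEntry`. The script below is an added example, not part of either post; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `keytool -list` output whether an alias can back
# an HTTPS listener. Real use: keytool -keystore push.jks -list | can_serve_tls push

# entry_type ALIAS: read a listing on stdin, print the entry type for ALIAS.
entry_type() {
    awk -v alias="$1" '
        # Entry lines look like "<alias>, <date>, <type>, "
        /(PrivateKeyEntry|trustedCertEntry|SecretKeyEntry), *$/ {
            n = split($0, f, /, */)
            if (f[1] == alias) { print f[n - 1]; exit }
        }'
}

# can_serve_tls ALIAS: 0 = private key present, 1 = certificate only
# (the state described in the first post), 2 = alias not found.
can_serve_tls() {
    case "$(entry_type "$1")" in
        PrivateKeyEntry) return 0 ;;
        "")              return 2 ;;
        *)               return 1 ;;
    esac
}

# Constructed listings; the fingerprint lines are placeholders.
cert_only_listing() {
    printf '%s\n' 'Keystore type: JKS' 'Keystore provider: SUN' '' \
        'Your keystore contains 1 entry' '' \
        'push, Jan 1, 2024, trustedCertEntry, ' \
        'Certificate fingerprint (SHA-256): <placeholder>'
}
with_key_listing() {
    printf '%s\n' 'Keystore type: JKS' 'Keystore provider: SUN' '' \
        'Your keystore contains 1 entry' '' \
        'push, Jan 1, 2024, PrivateKeyEntry, ' \
        'Certificate fingerprint (SHA-256): <placeholder>'
}

for sample in cert_only_listing with_key_listing; do
    if "$sample" | can_serve_tls push; then
        echo "$sample: alias push has a private key"
    else
        echo "$sample: alias push cannot serve TLS (no private key)"
    fi
done
```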