SSL:Java Keystores
lbonanomi edited this page Jun 18, 2020 · 5 revisions
If you see this:
Caused by: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
If Java is managing SSL directly: Java doesn't trust the certificate's signer. If you have an internal CA, append the intermediate certificate to the server's certificate.
If Java is behind an [[Apache]] proxy: if you have an internal CA, save a copy of the intermediate certificate on the proxy host and point to it with the [[Apache]] config directive SSLCertificateChainFile, or create a stacked certificate (PEM/Chain/Key) and load it with SSLCertificateFile.
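The missing-intermediate case behind both fixes above, reproduced offline as an added example (not part of the original wiki page): it builds a throwaway root, intermediate and server certificate, then checks a leaf-only file and a stacked file against a client that trusts only the root. The file names, subject names and the functions `build_demo_pki` and `chain_verifies` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Everything here is constructed: a throwaway root -> intermediate -> leaf
# PKI with hypothetical names, built in a temp dir and never touching real keystores.

build_demo_pki() {   # $1 = empty working directory
    d=$1
    # Minimal config so both CA certificates explicitly carry basicConstraints CA:TRUE.
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/pki.cnf"
    # Root CA: self-signed; this is the only certificate the client will trust.
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/pki.cnf" -extensions v3_ca \
        -subj "/CN=Demo Root CA" -keyout "$d/root.key" -out "$d/root.pem" -days 30 2>/dev/null
    # Intermediate CA: signed by the root.
    openssl req -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/pki.cnf" -extensions v3_ca -days 30 -out "$d/int.pem" 2>/dev/null
    # Server (leaf) certificate: signed by the intermediate, not by the root.
    openssl req -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj "/CN=app.example.internal" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -days 30 -out "$d/leaf.pem" 2>/dev/null
    # What a server without the intermediate sends, next to the stacked file described above.
    cp "$d/leaf.pem" "$d/served-leaf-only.pem"
    cat "$d/leaf.pem" "$d/int.pem" > "$d/served-stacked.pem"
}

# Succeeds only if a client trusting just $1 (root) can build a path from what the server sent ($2).
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>&1 | grep -q ': OK'
}

demo() {
    dir=$(mktemp -d) || return 1
    build_demo_pki "$dir"
    for f in served-leaf-only.pem served-stacked.pem; do
        if chain_verifies "$dir/root.pem" "$dir/$f"; then echo "$f: path builds"
        else echo "$f: no path to trusted root (the PKIX error case)"; fi
    done
    rm -rf "$dir"
}
demo
```

The same `chain_verifies` check works on a real deployment's files: pass your internal root CA as the first argument and the PEM file the server is configured to present as the second.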
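- Create a self-signed certificate and an unencrypted private key, valid for 365 days:
openssl req -x509 -newkey rsa:4096 -nodes -out cert.pem -keyout key.pem -days 365
- Dump the contents of a PKCS12 file as PEM:
openssl pkcs12 -in $keystore.p12
- Build a PKCS12 file from a single PEM file holding the certificate, key and CA certificates:
openssl pkcs12 -export -in $keystore.txt -inkey $keystore.txt -out $keystore.p12 -name $key_name -CAfile $keystore.txt -caname root
- Convert a Java keystore to PKCS12 format:
keytool -importkeystore -srckeystore $keystore.jks -destkeystore $keystore.p12 -deststoretype PKCS12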
- Create a new, empty keystore:
keytool -genkey -alias $alias -keyalg RSA -sigalg SHA256withRSA -keystore $keystore.jks
- Convert PKCS12 formatted file to java keystore:
keytool -importkeystore -deststorepass $STORE_PASSWORD -destkeypass $STORE_PASSWORD -destkeystore $keystore.jks -srckeystore $keystore.p12 -srcstoretype PKCS12 -srcstorepass $STORE_PASSWORD -alias $alias