Re: keystore for manager

Thu, 27 Aug 2020 04:00:30 -0700 

All,

I've proposed a PR here: https://github.com/apache/cloudstack/pull/4288

The issue was that newer Jetty 9 on 4.14 and master has deprecated how SSL 
connections are handled and fails with keystore related error. I've tested both 
JKS and PKCS12 type of keystore with (a) self-signed cert and (b) a valid 
wildcard cert with cert chains and it worked for me.


Regards.

________________________________
From: Rohit Yadav <rohit.ya...@shapeblue.com>
Sent: Thursday, August 27, 2020 13:21
To: us...@cloudstack.apache.org <us...@cloudstack.apache.org>; Rafael del Valle 
<rva...@privaz.io.INVALID>
Subject: Re: keystore for manager

Hi Rafael, All,

Yes, as you've identified this is a known blocker issue and we're working 
towards to fixing that. I think this has to do with migration towards Java11 
and change in the default keystore formats and I'm currently exploring the 
issue. This has been working with 4.13 that uses Java8.


Regards.

________________________________
From: Rafael del Valle <raf...@livelens.net.INVALID>
Sent: Wednesday, August 26, 2020 23:31
To: us...@cloudstack.apache.org <us...@cloudstack.apache.org>
Subject: keystore for manager

Hi!

I am not managing to generate a keystore for the manager (jetty 9 / java 11).

We have done this before many times as we also embed jetty in other projects.

But for some reason it keeps rejecting the keystore.

Anybody has any idea of that this could be about?

This is how we are doing it:

  - name: Generate PKCS#12 file
    openssl_pkcs12:
      action: export
      path: jetty.pkcs12
      friendly_name: jetty
      privatekey_path: Test_Server_Key.pem
      certificate_path: VDC_Test_Server.crt
      other_certificates:
        - VDC_Test_Intermediate_CA.crt
        - VDC_Test_CA.crt
      state: present
      passphrase: Secret

  - name: Generate Java Key Store
    shell: keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype 
PKCS12 -destkeystore keystore

​
Any idea what could be going on?

Rafael

rohit.ya...@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue




rohit.ya...@shapeblue.com 
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue

Reply via email to