[jetty-users] Importing PKCS12 into java keystore
Hi Team
We are trying to import a PKCS12 file into a Java keystore whose password is different from the PKCS12 file's password.
Keytool command : keytool -importkeystore -srckeystore server.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
In this case, how do we specify the keystore password and the private-key-entry password in jetty-ssl.xml?
jetty-ssl.xml is attached here
jetty version used: 9.3.10.v20160621
Apache-karaf: 3.0.7
With Java keystores, is it mandatory for the private-key-entry password to be the same as the keystore password?
Thanks in advance
Regards
Vikram
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- ============================================================= -->
<!-- Base SSL configuration -->
<!-- This configuration needs to be used together with 1 or more -->
<!-- of jetty-https.xml or jetty-http2.xml -->
<!-- ============================================================= -->
<Configure id="server" class="org.eclipse.jetty.server.Server">
<!-- Adds one ServerConnector to the Server with id "server". The connector -->
<!-- is constructed with the server reference and an SslContextFactory -->
<!-- whose key store, trust store, client-auth and cipher settings follow. -->
<!-- =========================================================== -->
<!-- Set connectors -->
<!-- =========================================================== -->
<!-- One of each type! -->
<!-- =========================================================== -->
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server">
<Ref refid="server" />
</Arg>
<Arg>
<New class="org.eclipse.jetty.util.ssl.SslContextFactory">
<!-- Key store location: property jetty.sslContext.keyStorePath (older -->
<!-- name jetty.keystore), else the default path below. -->
<Set name="keyStorePath">
<Property name="jetty.sslContext.keyStorePath"
deprecated="jetty.keystore"
default="etc/configuration/ssl/keystore" />
</Set>
<!-- Password that opens the key store file itself. -->
<!-- An OBF: value is Jetty's reversible obfuscation, not encryption: -->
<!-- anyone who can read this file can recover the password. Treat the -->
<!-- default as a plaintext secret, restrict read access to this file, -->
<!-- and prefer supplying the property from a protected source. -->
<Set name="keyStorePassword">
<Property
name="jetty.sslContext.keyStorePassword"
deprecated="jetty.keystore.password"
default="OBF:1igd1iup1m841ri71m4a1irx1idt" />
</Set>
<!-- keyManagerPassword is the password of the private-key entry inside -->
<!-- the key store. It is commented out below, so SslContextFactory is -->
<!-- expected to fall back to keyStorePassword for the key entry (verify -->
<!-- against the Jetty version in use). If the entry password differs -->
<!-- from the store password, for example after keytool -importkeystore -->
<!-- from a PKCS12 source without -destkeypass, where the entry may keep -->
<!-- the source password (confirm for your JDK), this Set must be enabled -->
<!-- with the entry's password. -->
<!-- NOTE(review): the commented-out Property has no name attribute; the -->
<!-- stock Jetty property is jetty.sslContext.keyManagerPassword. Without -->
<!-- a name the value presumably cannot be overridden from outside. -->
<!--Set name="keyManagerPassword">
<Property
default="OBF:194s194u194w194y" />
</Set-->
<!-- Trust store location: holds the certificates used to validate peers. -->
<Set name="trustStorePath">
<Property name="jetty.sslContext.trustStorePath"
deprecated="jetty.truststore"
default="etc/configuration/ssl/truststore" />
</Set>
<!-- Trust store password. The default is the same OBF: string as the key -->
<!-- store default above, so both stores share one password by default. -->
<Set name="trustStorePassword">
<Property
name="jetty.sslContext.trustStorePassword"
deprecated="jetty.truststore.password"
default="OBF:1igd1iup1m841ri71m4a1irx1idt" />
</Set>
<!-- Defaults to true: the handshake requires a client certificate (mutual -->
<!-- TLS), validated against the trust store configured above. -->
<Set name="needClientAuth">
<Property name="jetty.sslContext.needClientAuth"
deprecated="jetty.ssl.needClientAuth"
default="true" />
</Set>
<!-- Cipher suites to disable: the single-DES and EXPORT-grade suites -->
<!-- listed below. -->
<!-- NOTE(review): this Set presumably replaces the factory's exclude list -->
<!-- rather than adding to it; confirm that other weak suites (RC4, NULL, -->
<!-- anonymous) and old protocol versions are still excluded elsewhere. -->
<Set name="excludeCipherSuites">
<Array type="java.lang.String">
<Item>SSL_RSA_WITH_DES_CBC_SHA
</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA
</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA
</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5
</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
</Item>
</Array>
</Set>
</New>
</Arg>
<!-- Bind address: no default is given here, so the value comes only from -->
<!-- jetty.ssl.host (or the older jetty.host) when one of them is set. -->
<Set name="host">
<Property name="jetty.ssl.host" deprecated="jetty.host" />
</Set>
<!-- Listen port: read with SystemProperty, unlike the Property elements -->
<!-- used for the other settings; defaults to 9443. -->
<Set name="port">
<SystemProperty name="jetty.auth.ssl.port" deprecated="ssl.port"
default="9443" />
</Set>
<!-- Connection idle timeout, default 30000 (milliseconds in Jetty's -->
<!-- connector API). -->
<Set name="idleTimeout">
<Property name="jetty.ssl.idleTimeout"
deprecated="ssl.timeout" default="30000" />
</Set>
</New>
</Arg>
</Call>
</Configure>