Hi Jens,
Here's an example of how to import the SSL certificate's full cert chain
into your keystore file. In this example I'm using a cert from Let's Encrypt
<https://certbot.eff.org>. In the example we start with the cert files
generated by the Let's Encrypt certbot.

#!/bin/bash
HOSTNAME=www.example.com
# Keystore alias: the hostname with dots replaced by underscores.
HOST_ALIAS=$(echo "${HOSTNAME}" | sed 's/\./_/g')
CERT_DIR=/etc/letsencrypt/live/${HOSTNAME}
P12_PASSWORD=my-p12-password
KEYSTORE_PASSWORD=my-keystore-password
KEYSTORE_FILE=my-keystore

# Convert the Let's Encrypt PEM files to a single pkcs12 file.
# -certfile adds the intermediate certificate(s) from chain.pem to the bundle;
# -CAfile on its own does not (it is only consulted together with -chain).
openssl pkcs12 -export -in "${CERT_DIR}/cert.pem" -inkey "${CERT_DIR}/privkey.pem" \
  -out cert_and_key.p12 -name "${HOST_ALIAS}" -certfile "${CERT_DIR}/chain.pem" \
  -CAfile "${CERT_DIR}/chain.pem" -caname root \
  -passin "pass:${P12_PASSWORD}" -passout "pass:${P12_PASSWORD}"

# Import the pkcs12 file into the keystore.
keytool -importkeystore -deststorepass "${KEYSTORE_PASSWORD}" \
  -destkeypass "${KEYSTORE_PASSWORD}" -destkeystore "${KEYSTORE_FILE}" \
  -srckeystore cert_and_key.p12 -srcstoretype PKCS12 \
  -srcstorepass "${P12_PASSWORD}" -alias "${HOST_ALIAS}"

# Remove the pkcs12 file, since it is no longer needed.
rm cert_and_key.p12

I've used Let's Encrypt certs in my Dropwizard-based web services and they
work nicely. I hope this helps.
Regards,
Douglas
On Tuesday, August 2, 2016 at 8:44:21 AM UTC-4, Jens Rantil wrote:
>
> Hi,
>
> I've previously asked this question on
> http://stackoverflow.com/q/33280281/260805, but haven't gotten a
> successful answer yet.
>
> I have a local Dropwizard application which is serving TLS traffic. It
> works, but I haven't been able to figure out how I can make my application
> serve my intermediate certificate.
>
> The Dropwizard <http://www.dropwizard.io/> example project has a single
> certificate
> <https://github.com/dropwizard/dropwizard/blob/master/dropwizard-example/example.yml>
> without intermediate certificate
> <https://github.com/dropwizard/dropwizard/blob/master/dropwizard-example/example.keystore>
> and the HTTPS configuration
> <https://dropwizard.github.io/dropwizard/manual/configuration.html#https>
> doesn't mention anything regarding intermediate certs. Is it possible to
> configure Dropwizard to deliver intermediate certificates? How?
>
> Thanks,
> Jens
>
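
Added example, not part of the messages above or of the Dropwizard project: a self-contained check, run against a throwaway test PKI built with openssl, of how many certificates end up in the PKCS12 bundle when the export passes only -CAfile versus when it passes -certfile. The test subject names, the password and the helper function names are made up for the illustration.

```shell
#!/bin/bash
# Added example: constructed root -> intermediate -> leaf test PKI.
# All names, file names and the password are made up for this check.
set -eu
PW=test-p12-password

make_test_pki() {  # $1 = working directory
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Test Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  # chain.pem plays the role of certbot's chain.pem (the intermediate).
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/chain.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
    -keyout "$d/privkey.pem" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/chain.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/cert.pem" 2>/dev/null
}

export_p12() {  # $1 = dir, $2 = output file, rest = extra pkcs12 options
  local d=$1 out=$2; shift 2
  openssl pkcs12 -export -in "$d/cert.pem" -inkey "$d/privkey.pem" \
    -out "$out" -name www_example_com -passout "pass:$PW" "$@"
}

count_p12_certs() {  # prints how many certificates the bundle $1 holds
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PW" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

chain_counts() {  # prints "<count with -CAfile only> <count with -certfile>"
  local d a b
  d=$(mktemp -d)
  make_test_pki "$d"
  export_p12 "$d" "$d/leaf_only.p12" -CAfile "$d/chain.pem" -caname root
  export_p12 "$d" "$d/full.p12" -certfile "$d/chain.pem"
  a=$(count_p12_certs "$d/leaf_only.p12")
  b=$(count_p12_certs "$d/full.p12")
  rm -rf "$d"
  echo "$a $b"
}

chain_counts   # expected: "1 2"
```

On the real keystore, `keytool -list -v` reports the same figure as "Certificate chain length" for the imported alias; a value of 1 means the server will present the leaf certificate only.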