RE: Enabling HTTPS
No I have not modified etc/jetty.xml. Does that have to be updated as well?
-Original Message-
From: Jean-Baptiste Onofré [mailto:j...@nanthrax.net]
Sent: Saturday, October 27, 2018 9:16 AM
To: user@karaf.apache.org
Subject: Re: Enabling HTTPS
Hi,
just to be sure, you don't use and have etc/jetty.xml ?
I just tested and it works fine using different password for key and
keystore.
Regards
JB
On 27/10/2018 15:11, Leschke, Scott wrote:
> From the example shown under the Configuration heading at
> https://karaf.apache.org/manual/latest/webcontainer, it shows
>
>
>
> keytool -genkey -keyalg RSA -alias selfsigned -keystore
> keystore -storepass karaf1234 -validity 360 -keysize 2048
>
>
>
> Now, we can enable and configure the HTTPs connector with
> this keystore in etc/org.ops4j.pax.web.cfg:
>
>
>
> org.osgi.service.http.port.secure=8443
>
> org.osgi.service.http.secure.enabled=true
>
> org.ops4j.pax.web.ssl.keystore=/path/to/keystore
>
> org.ops4j.pax.web.ssl.password=foo
>
> org.ops4j.pax.web.ssl.keypassword=karaf1234
>
>
>
> The documentation at:
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
> says
>
>
>
> To enable SSL support you must set the following properties:
>
>
>
> org.osgi.service.http.secure.enabled to true
>
> org.ops4j.pax.web.ssl.keystore to the path to the
> keystore to be used. If not set the default path ${user.home}/.keystore
> is used.
>
> org.ops4j.pax.web.ssl.password to the password used for
> keystore integrity check. The value can be in plain text or obfuscated (
> starting with OBF: ) as described in step 4 of jetty
> documentation
>
> org.ops4j.pax.web.ssl.keypassword to the password used
> for keystore. The value can be in plain text or obfuscated ( starting
> with OBF: ) as described in step 4 of
> jetty documentation
>
>
>
> The above would seem to indicate that the opposite of what you say is
> actually true although when I tried setting ...password to the key
> password and ...keypassword to the store password I couldn't get it to
> work. I seem to recall that I tried it the other way around as well and
> that didn't work either.
>
> Ultimately I ended up regenerating my keystore and dropping the key
> password entirely which by default makes the key password the same as
> the store password as far as I understand. I then set both properties
> to the keystore password value which worked.
>
>
>
> I don't know why having a key password that differed from the keystore
> password it didn't work but that's what I experienced.
>
>
>
> Regards,
>
>
>
> Scott
>
>
>
> -Original Message-
> From: Jean-Baptiste Onofré [mailto:j...@nanthrax.net]
> Sent: Friday, October 26, 2018 9:33 PM
> To: user@karaf.apache.org
> Subject: Re: Enabling HTTPS
>
>
>
> It's for the server side, so yes password is the keystore password and
>
> keypassword is the key password.
>
>
>
> Regards
>
> JB
>
>
>
> On 26/10/2018 16:02, Leschke, Scott wrote:
>
>> After doing some digging, it would appear that both of these properties
>
>> need to be set to the keystore password.
>
>>
>
>> org.ops4j.pax.web.ssl.password
>
>>
>
>> org.ops4j.pax.web.ssl.keypassword
>
>>
>
>> I’m still curious about the difference between:
>
>>
>
>> *org.osgi.service.http.secure.enabled=true*
>
>>
>
>> and
>
>>
>
>> *org.osgi.service.https.enabled=true*
>
>>
>
>> Scott
>
>>
>
>>
>
>>
>
>> *From:*Leschke, Scott [mailto:slesc...@medline.com]
>
>> *Sent:* Thursday, October 25, 2018 11:21 AM
>
>> *To:* user@karaf.apache.org
>
>> *Subject:* RE: Enabling HTTPS
>
>>
>
>>
>
>>
>
>> Actually,
>
>>
>
>>
>
>>
>
>> I saw most of that information at:
>
>>
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
>
>>
>
>>
>
>>
>
>> It says, Password used for keystore integrity check.
>
>>
>
>>
>
>>
>
>> Where does that pwd come from? The example in the Karaf doc doesn’t
>
>> show (it’s foo).
>
>>
>
>>
>
>>
>
>> *From:*Achim
Re: Enabling HTTPS
Hi,
just to be sure, you don't use and have etc/jetty.xml ?
I just tested and it works fine using different password for key and
keystore.
Regards
JB
On 27/10/2018 15:11, Leschke, Scott wrote:
> From the example shown under the Configuration heading at
> https://karaf.apache.org/manual/latest/webcontainer, it shows
>
>
>
> keytool -genkey -keyalg RSA -alias selfsigned -keystore
> keystore -storepass karaf1234 -validity 360 -keysize 2048
>
>
>
> Now, we can enable and configure the HTTPs connector with
> this keystore in etc/org.ops4j.pax.web.cfg:
>
>
>
> org.osgi.service.http.port.secure=8443
>
> org.osgi.service.http.secure.enabled=true
>
> org.ops4j.pax.web.ssl.keystore=/path/to/keystore
>
> org.ops4j.pax.web.ssl.password=foo
>
> org.ops4j.pax.web.ssl.keypassword=karaf1234
>
>
>
> The documentation at:
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
> says
>
>
>
> To enable SSL support you must set the following properties:
>
>
>
> org.osgi.service.http.secure.enabled to true
>
> org.ops4j.pax.web.ssl.keystore to the path to the
> keystore to be used. If not set the default path ${user.home}/.keystore
> is used.
>
> org.ops4j.pax.web.ssl.password to the password used for
> keystore integrity check. The value can be in plain text or obfuscated (
> starting with OBF: ) as described in step 4 of jetty
> documentation
>
> org.ops4j.pax.web.ssl.keypassword to the password used
> for keystore. The value can be in plain text or obfuscated ( starting
> with OBF: ) as described in step 4 of
> jetty documentation
>
>
>
> The above would seem to indicate that the opposite of what you say is
> actually true although when I tried setting ...password to the key
> password and ...keypassword to the store password I couldn't get it to
> work. I seem to recall that I tried it the other way around as well and
> that didn't work either.
>
> Ultimately I ended up regenerating my keystore and dropping the key
> password entirely which by default makes the key password the same as
> the store password as far as I understand. I then set both properties
> to the keystore password value which worked.
>
>
>
> I don't know why having a key password that differed from the keystore
> password it didn't work but that's what I experienced.
>
>
>
> Regards,
>
>
>
> Scott
>
>
>
> -Original Message-
> From: Jean-Baptiste Onofré [mailto:j...@nanthrax.net]
> Sent: Friday, October 26, 2018 9:33 PM
> To: user@karaf.apache.org
> Subject: Re: Enabling HTTPS
>
>
>
> It's for the server side, so yes password is the keystore password and
>
> keypassword is the key password.
>
>
>
> Regards
>
> JB
>
>
>
> On 26/10/2018 16:02, Leschke, Scott wrote:
>
>> After doing some digging, it would appear that both of these properties
>
>> need to be set to the keystore password.
>
>>
>
>> org.ops4j.pax.web.ssl.password
>
>>
>
>> org.ops4j.pax.web.ssl.keypassword
>
>>
>
>> I’m still curious about the difference between:
>
>>
>
>> *org.osgi.service.http.secure.enabled=true*
>
>>
>
>> and
>
>>
>
>> *org.osgi.service.https.enabled=true*
>
>>
>
>> Scott
>
>>
>
>>
>
>>
>
>> *From:*Leschke, Scott [mailto:slesc...@medline.com]
>
>> *Sent:* Thursday, October 25, 2018 11:21 AM
>
>> *To:* user@karaf.apache.org
>
>> *Subject:* RE: Enabling HTTPS
>
>>
>
>>
>
>>
>
>> Actually,
>
>>
>
>>
>
>>
>
>> I saw most of that information at:
>
>>
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
>
>>
>
>>
>
>>
>
>> It says, Password used for keystore integrity check.
>
>>
>
>>
>
>>
>
>> Where does that pwd come from? The example in the Karaf doc doesn’t
>
>> show (it’s foo).
>
>>
>
>>
>
>>
>
>> *From:*Achim Nierbeck
>
>> *Sent:* Thursday, October 25, 2018 11:09 AM
>
>> *To:* user@karaf.apache.org
>
>> *Subject:* Re: Enabling HTTPS
>
>>
>
>>
>
>&g
RE: Enabling HTTPS
From the example shown under the Configuration heading at
https://karaf.apache.org/manual/latest/webcontainer, it shows
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore
-storepass karaf1234 -validity 360 -keysize 2048
Now, we can enable and configure the HTTPs connector with this
keystore in etc/org.ops4j.pax.web.cfg:
org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=/path/to/keystore
org.ops4j.pax.web.ssl.password=foo
org.ops4j.pax.web.ssl.keypassword=karaf1234
The documentation at:
https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration says
To enable SSL support you must set the following properties:
org.osgi.service.http.secure.enabled to true
org.ops4j.pax.web.ssl.keystore to the path to the keystore to be
used. If not set the default path ${user.home}/.keystore is used.
org.ops4j.pax.web.ssl.password to the password used for keystore
integrity check. The value can be in plain text or obfuscated ( starting with
OBF: ) as described in step 4 of jetty documentation
org.ops4j.pax.web.ssl.keypassword to the password used for
keystore. The value can be in plain text or obfuscated ( starting with OBF: )
as described in step 4 of jetty documentation
The above would seem to indicate that the opposite of what you say is actually
true although when I tried setting ...password to the key password and
...keypassword to the store password I couldn't get it to work. I seem to
recall that I tried it the other way around as well and that didn't work either.
Ultimately I ended up regenerating my keystore and dropping the key password
entirely which by default makes the key password the same as the store password
as far as I understand. I then set both properties to the keystore password
value which worked.
I don't know why having a key password that differed from the keystore password
it didn't work but that's what I experienced.
Regards,
Scott
-Original Message-
From: Jean-Baptiste Onofré [mailto:j...@nanthrax.net]
Sent: Friday, October 26, 2018 9:33 PM
To: user@karaf.apache.org
Subject: Re: Enabling HTTPS
It's for the server side, so yes password is the keystore password and
keypassword is the key password.
Regards
JB
On 26/10/2018 16:02, Leschke, Scott wrote:
> After doing some digging, it would appear that both of these properties
> need to be set to the keystore password.
>
> org.ops4j.pax.web.ssl.password
>
> org.ops4j.pax.web.ssl.keypassword
>
> I’m still curious about the difference between:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true*
>
> Scott
>
>
>
> *From:*Leschke, Scott [mailto:slesc...@medline.com]
> *Sent:* Thursday, October 25, 2018 11:21 AM
> *To:* user@karaf.apache.org
> *Subject:* RE: Enabling HTTPS
>
>
>
> Actually,
>
>
>
> I saw most of that information at:
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
>
>
>
> It says, Password used for keystore integrity check.
>
>
>
> Where does that pwd come from? The example in the Karaf doc doesn’t
> show (it’s foo).
>
>
>
> *From:*Achim Nierbeck
> *Sent:* Thursday, October 25, 2018 11:09 AM
> *To:* user@karaf.apache.org
> *Subject:* Re: Enabling HTTPS
>
>
>
> Hi,
>
>
>
> I'm sure you'll find some of your questions answered here:
> http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
>
>
>
> regards, Achim
>
>
>
> Am Do., 25. Okt. 2018 um 17:59 Uhr schrieb Leschke, Scott
> mailto:slesc...@medline.com>>:
>
> I’m attempting to get https working by following the instructions
> at: https://karaf.apache.org/manual/latest/webcontainer
>
> I’m confused by the setting for *org.ops4j.pax.web.ssl.password*
>
> What is that intended to be. How is it defined?
>
>
>
> Also, what’s the difference between these:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true* ?
>
>
>
> Anyway, I’m getting the following:
>
> Caused by: java.security.UnrecoverableKeyException: failed to
> decrypt safe contents entry: javax.crypto.BadPaddingException: Given
> final block not properly padded. Such issues can arise if a bad key
> is used during decryption.
>
>
>
> My org.ops4j.pax.web.cfg (slightly obf
Re: Enabling HTTPS
It's for the server side, so yes password is the keystore password and
keypassword is the key password.
Regards
JB
On 26/10/2018 16:02, Leschke, Scott wrote:
> After doing some digging, it would appear that both of these properties
> need to be set to the keystore password.
>
> org.ops4j.pax.web.ssl.password
>
> org.ops4j.pax.web.ssl.keypassword
>
> I’m still curious about the difference between:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true*
>
> Scott
>
>
>
> *From:*Leschke, Scott [mailto:slesc...@medline.com]
> *Sent:* Thursday, October 25, 2018 11:21 AM
> *To:* user@karaf.apache.org
> *Subject:* RE: Enabling HTTPS
>
>
>
> Actually,
>
>
>
> I saw most of that information at:
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
>
>
>
> It says, Password used for keystore integrity check.
>
>
>
> Where does that pwd come from? The example in the Karaf doc doesn’t
> show (it’s foo).
>
>
>
> *From:*Achim Nierbeck
> *Sent:* Thursday, October 25, 2018 11:09 AM
> *To:* user@karaf.apache.org
> *Subject:* Re: Enabling HTTPS
>
>
>
> Hi,
>
>
>
> I'm sure you'll find some of your questions answered here:
> http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
>
>
>
> regards, Achim
>
>
>
> Am Do., 25. Okt. 2018 um 17:59 Uhr schrieb Leschke, Scott
> mailto:slesc...@medline.com>>:
>
> I’m attempting to get https working by following the instructions
> at: https://karaf.apache.org/manual/latest/webcontainer
>
> I’m confused by the setting for *org.ops4j.pax.web.ssl.password*
>
> What is that intended to be. How is it defined?
>
>
>
> Also, what’s the difference between these:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true* ?
>
>
>
> Anyway, I’m getting the following:
>
> Caused by: java.security.UnrecoverableKeyException: failed to
> decrypt safe contents entry: javax.crypto.BadPaddingException: Given
> final block not properly padded. Such issues can arise if a bad key
> is used during decryption.
>
>
>
> My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
>
>
>
> Scott
>
>
>
>
>
> org.osgi.service.http.enabled=false
>
> org.osgi.service.http.port=8181
>
>
>
> org.osgi.service.http.port.secure=8443
>
> org.osgi.service.http.secure.enabled=true
>
> org.osgi.service.https.enabled=true
>
>
>
> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
>
> org.apache.karaf.features.configKey=org.ops4j.pax.web
>
>
>
> org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
>
> org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
>
> org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
>
>
>
> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
>
>
>
> --
>
>
> Apache Member
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer
> & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>
>
>
> Software Architect / Project Manager / Scrum Master
>
>
>
Re: Enabling HTTPS
The standard properties are described here
https://osgi.org/specification/osgi.cmpn/7.0.0/service.http.whiteboard.html#d0e121935
<https://osgi.org/specification/osgi.cmpn/7.0.0/service.http.whiteboard.html#d0e121935>
Neither of the properties that you’ve named appear to be part of any standard,
which means that someone has put their own configuration properties into the
OSGi namespace…
Tim
> On 26 Oct 2018, at 15:02, Leschke, Scott wrote:
>
> After doing some digging, it would appear that both of these properties need
> to be set to the keystore password.
> org.ops4j.pax.web.ssl.password
> org.ops4j.pax.web.ssl.keypassword
> I’m still curious about the difference between:
> org.osgi.service.http.secure.enabled=true
> and
> org.osgi.service.https.enabled=true
> Scott
>
> From: Leschke, Scott [mailto:slesc...@medline.com]
> Sent: Thursday, October 25, 2018 11:21 AM
> To: user@karaf.apache.org
> Subject: RE: Enabling HTTPS
>
> Actually,
>
> I saw most of that information at:
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
> <https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration>
>
> It says, Password used for keystore integrity check.
>
> Where does that pwd come from? The example in the Karaf doc doesn’t show
> (it’s foo).
>
> From: Achim Nierbeck
> Sent: Thursday, October 25, 2018 11:09 AM
> To: user@karaf.apache.org
> Subject: Re: Enabling HTTPS
>
> Hi,
>
> I'm sure you'll find some of your questions answered here:
> http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
> <http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration>
>
> regards, Achim
>
> Am Do., 25. Okt. 2018 um 17:59 Uhr schrieb Leschke, Scott
> mailto:slesc...@medline.com>>:
> I’m attempting to get https working by following the instructions at:
> https://karaf.apache.org/manual/latest/webcontainer
> <https://karaf.apache.org/manual/latest/webcontainer>
> I’m confused by the setting for org.ops4j.pax.web.ssl.password
> What is that intended to be. How is it defined?
>
> Also, what’s the difference between these:
> org.osgi.service.http.secure.enabled=true
> and
> org.osgi.service.https.enabled=true ?
>
> Anyway, I’m getting the following:
> Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe
> contents entry: javax.crypto.BadPaddingException: Given final block not
> properly padded. Such issues can arise if a bad key is used during decryption.
>
> My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
>
> Scott
>
>
> org.osgi.service.http.enabled=false
> org.osgi.service.http.port=8181
>
> org.osgi.service.http.port.secure=8443
> org.osgi.service.http.secure.enabled=true
> org.osgi.service.https.enabled=true
>
> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
> org.apache.karaf.features.configKey=org.ops4j.pax.web
>
> org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
> org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
> org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
>
> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
>
>
> --
>
> Apache Member
> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer
> & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/
> <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer & Project Lead
> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS
> <http://bit.ly/1ps9rkS>>
>
> Software Architect / Project Manager / Scrum Master
RE: Enabling HTTPS
After doing some digging, it would appear that both of these properties need to
be set to the keystore password.
org.ops4j.pax.web.ssl.password
org.ops4j.pax.web.ssl.keypassword
I’m still curious about the difference between:
org.osgi.service.http.secure.enabled=true
and
org.osgi.service.https.enabled=true
Scott
From: Leschke, Scott [mailto:slesc...@medline.com]
Sent: Thursday, October 25, 2018 11:21 AM
To: user@karaf.apache.org
Subject: RE: Enabling HTTPS
Actually,
I saw most of that information at:
https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
It says, Password used for keystore integrity check.
Where does that pwd come from? The example in the Karaf doc doesn’t show (it’s
foo).
From: Achim Nierbeck
Sent: Thursday, October 25, 2018 11:09 AM
To: user@karaf.apache.org
Subject: Re: Enabling HTTPS
Hi,
I'm sure you'll find some of your questions answered here:
http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
regards, Achim
Am Do., 25. Okt. 2018 um 17:59 Uhr schrieb Leschke, Scott
mailto:slesc...@medline.com>>:
I’m attempting to get https working by following the instructions at:
https://karaf.apache.org/manual/latest/webcontainer
I’m confused by the setting for org.ops4j.pax.web.ssl.password
What is that intended to be. How is it defined?
Also, what’s the difference between these:
org.osgi.service.http.secure.enabled=true
and
org.osgi.service.https.enabled=true ?
Anyway, I’m getting the following:
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe
contents entry: javax.crypto.BadPaddingException: Given final block not
properly padded. Such issues can arise if a bad key is used during decryption.
My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
Scott
org.osgi.service.http.enabled=false
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.osgi.service.https.enabled=true
org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
org.apache.karaf.features.configKey=org.ops4j.pax.web
org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
--
Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
Software Architect / Project Manager / Scrum Master
Re: Enabling HTTPS
Hi Scott,
you can take a look on this blog post:
http://blog.nanthrax.net/?p=316
It's a step by step HTTPs configuration (with mutual auth optionally).
Regards
JB
On 25/10/2018 17:59, Leschke, Scott wrote:
> I’m attempting to get https working by following the instructions at:
> https://karaf.apache.org/manual/latest/webcontainer
>
> I’m confused by the setting for *org.ops4j.pax.web.ssl.password*
>
> What is that intended to be. How is it defined?
>
>
>
> Also, what’s the difference between these:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true* ?
>
>
>
> Anyway, I’m getting the following:
>
> Caused by: java.security.UnrecoverableKeyException: failed to decrypt
> safe contents entry: javax.crypto.BadPaddingException: Given final block
> not properly padded. Such issues can arise if a bad key is used during
> decryption.
>
>
>
> My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
>
>
>
> Scott
>
>
>
>
>
> org.osgi.service.http.enabled=false
>
> org.osgi.service.http.port=8181
>
>
>
> org.osgi.service.http.port.secure=8443
>
> org.osgi.service.http.secure.enabled=true
>
> org.osgi.service.https.enabled=true
>
>
>
> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
>
> org.apache.karaf.features.configKey=org.ops4j.pax.web
>
>
>
> org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
>
> org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
>
> org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
>
>
>
> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
>
RE: Enabling HTTPS
Actually,
I saw most of that information at:
https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
It says, Password used for keystore integrity check.
Where does that pwd come from? The example in the Karaf doc doesn’t show (it’s
foo).
From: Achim Nierbeck
Sent: Thursday, October 25, 2018 11:09 AM
To: user@karaf.apache.org
Subject: Re: Enabling HTTPS
Hi,
I'm sure you'll find some of your questions answered here:
http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
regards, Achim
Am Do., 25. Okt. 2018 um 17:59 Uhr schrieb Leschke, Scott
mailto:slesc...@medline.com>>:
I’m attempting to get https working by following the instructions at:
https://karaf.apache.org/manual/latest/webcontainer
I’m confused by the setting for org.ops4j.pax.web.ssl.password
What is that intended to be. How is it defined?
Also, what’s the difference between these:
org.osgi.service.http.secure.enabled=true
and
org.osgi.service.https.enabled=true ?
Anyway, I’m getting the following:
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe
contents entry: javax.crypto.BadPaddingException: Given final block not
properly padded. Such issues can arise if a bad key is used during decryption.
My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
Scott
org.osgi.service.http.enabled=false
org.osgi.service.http.port=8181
org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.osgi.service.https.enabled=true
org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
org.apache.karaf.features.configKey=org.ops4j.pax.web
org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
--
Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
Software Architect / Project Manager / Scrum Master
Re: Enabling HTTPS
Hi,
I'm sure you'll find some of your questions answered here:
http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
regards, Achim
Am Do., 25. Okt. 2018 um 17:59 Uhr schrieb Leschke, Scott <
slesc...@medline.com>:
> I’m attempting to get https working by following the instructions at:
> https://karaf.apache.org/manual/latest/webcontainer
>
> I’m confused by the setting for *org.ops4j.pax.web.ssl.password*
>
> What is that intended to be. How is it defined?
>
>
>
> Also, what’s the difference between these:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true* ?
>
>
>
> Anyway, I’m getting the following:
>
> Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe
> contents entry: javax.crypto.BadPaddingException: Given final block not
> properly padded. Such issues can arise if a bad key is used during
> decryption.
>
>
>
> My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
>
>
>
> Scott
>
>
>
>
>
> org.osgi.service.http.enabled=false
>
> org.osgi.service.http.port=8181
>
>
>
> org.osgi.service.http.port.secure=8443
>
> org.osgi.service.http.secure.enabled=true
>
> org.osgi.service.https.enabled=true
>
>
>
> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
>
> org.apache.karaf.features.configKey=org.ops4j.pax.web
>
>
>
> org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
>
> org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
>
> org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
>
>
>
> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
>
--
Apache Member
Apache Karaf
Software Architect / Project Manager / Scrum Master
