Re: [jetty-users] Keystore Problems

2020-05-26 Thread David C Fuhs
alf of Cantor, Scott Sent: Tuesday, May 26, 2020 1:40 PM To: JETTY user mailing list Subject: Re: [jetty-users] Keystore Problems On 5/26/20, 4:34 PM, "jetty-users-boun...@eclipse.org on behalf of David C Fuhs" wrote: > What I really want is quite simple: a series of command

Re: [jetty-users] Keystore Problems

2020-05-26 Thread Cantor, Scott
On 5/26/20, 4:34 PM, "jetty-users-boun...@eclipse.org on behalf of David C Fuhs" wrote: > What I really want is quite simple: a series of commands that will take as > input a private key, a new SSL certificate, and a > series of intermediate/CA certificates and create a PKCS12 keystore that >

Re: [jetty-users] Keystore Problems

2020-05-26 Thread David C Fuhs
Office California State University, Chico df...@csuchico.edu 530-898-4852 From: jetty-users-boun...@eclipse.org on behalf of Simone Bordet Sent: Tuesday, May 26, 2020 11:18 AM To: JETTY user mailing list Subject: Re: [jetty-users] Keystore Problems Hi, On Tue

Re: [jetty-users] Keystore Problems

2020-05-26 Thread Simone Bordet
Hi, On Tue, May 26, 2020 at 8:07 PM David C Fuhs wrote: > > To generate the private key: > openssl genrsa 4096 > new_host.key > > To combine the SSL certificate plus CA certificates into one file: > cat ssl_cert interm_certs > combined_certs > Results in a file with the SSL certificate first,

Re: [jetty-users] Keystore Problems

2020-05-26 Thread David C Fuhs
mation Security Office California State University, Chico df...@csuchico.edu 530-898-4852 From: jetty-users-boun...@eclipse.org on behalf of Joakim Erdfelt Sent: Tuesday, May 26, 2020 10:49 AM To: JETTY user mailing list Subject: Re: [jetty-users] Keystore Pr

Re: [jetty-users] Keystore Problems

2020-05-26 Thread Joakim Erdfelt
How were new_host.key and combined_certs created? Also, can you provide the complete stacktraces? Joakim Erdfelt / joa...@webtide.com On Tue, May 26, 2020 at 12:44 PM David C Fuhs wrote: > Good morning all: > > Red Hat Enterprise Linux Server release 7.8 (Maipo) >

Re: [jetty-users] keystore

2018-03-14 Thread Jesse McConnell
fair enough, congrats at least :) -- jesse mcconnell jesse.mcconn...@gmail.com On Wed, Mar 14, 2018 at 2:15 PM, Lou DeGenaro wrote: > Unfortunately no. I could only supply an IP address (which it seems is > not allowed) and is only accessible internally anyway. > >

Re: [jetty-users] keystore

2018-03-14 Thread Lou DeGenaro
Unfortunately no. I could only supply an IP address (which it seems is not allowed) and is only accessible internally anyway. Lou. On Wed, Mar 14, 2018 at 3:04 PM, Jesse McConnell wrote: > That is an interesting nugget Lou, any chance you can report results from >

Re: [jetty-users] keystore

2018-03-14 Thread Jesse McConnell
That is an interesting nugget Lou, any chance you can report results from here: https://www.ssllabs.com/ssltest/ ? -- jesse mcconnell jesse.mcconn...@gmail.com On Wed, Mar 14, 2018 at 1:53 PM, Lou DeGenaro wrote: > Looking here:

Re: [jetty-users] keystore

2018-03-14 Thread Lou DeGenaro
Looking here: https://www.ibm.com/support/knowledgecenter/en/SSYKE2_8.0.0/com.ibm.java.security.component.80.doc/security-component/jsse2Docs/matchsslcontext_tls.html I added -Dcom.ibm.jsse2.overrideDefaultTLS=true to the launch of my Jetty server and much joy resulted. Lou. On Wed, Mar 14,

Re: [jetty-users] keystore

2018-03-14 Thread Lothar Kimmeringer
On 14.03.2018 at 17:53, Silvio Bierman wrote: Those are ciphers for the SSL protocol instead of TLS. You do not want to use those... I'm not defending IBM here for their decision to follow the NIH-principle. The ciphers are for TLS, the session where this trace came from was an

Re: [jetty-users] keystore

2018-03-14 Thread Joakim Erdfelt
for the SSL protocol instead of TLS. You do not want to >> use those... >> >> >> >> Sent from my Samsung Galaxy smartphone. >> >> Original message ---- >> From: Lothar Kimmeringer <j...@kimmeringer.de> >> Date: 3/14/18

Re: [jetty-users] keystore

2018-03-14 Thread Joakim Erdfelt
> To: jetty-users@eclipse.org > Subject: Re: [jetty-users] keystore > > Hi, > > On 14.03.2018 at 17:24, Joakim Erdfelt wrote: > > > * The IBM JVM is not sane, look into its cipher suites and protocols. > > > > A quick comparison shows that it has half the cipher sui

Re: [jetty-users] keystore

2018-03-14 Thread Lothar Kimmeringer
Hi, On 14.03.2018 at 17:47, Joakim Erdfelt wrote: Conclusion: You have a cipher suite issue. I don't have any issues (I just added my 2 cents to this thread). My point is if we have a similar effect here as with JVMs on iSeries that the JVM reports ciphers "SSL_-something" and jetty is

Re: [jetty-users] keystore

2018-03-14 Thread Silvio Bierman
Those are ciphers for the SSL protocol instead of TLS. You do not want to use those... Sent from my Samsung Galaxy smartphone. Original message From: Lothar Kimmeringer <j...@kimmeringer.de> Date: 3/14/18 17:36 (GMT+01:00) To: jetty-users@eclipse.org Subject: Re:

Re: [jetty-users] keystore

2018-03-14 Thread Joakim Erdfelt
> Secure Connection Failed Error code: SSL_ERROR_NO_CYPHER_OVERLAP The stated reason from Firefox for that error is that you lack the required cipher suites for the updated TLS configuration present since Firefox 50.x * https://support.mozilla.org/en-US/questions/1148536 *

Re: [jetty-users] keystore

2018-03-14 Thread Lothar Kimmeringer
Hi, On 14.03.2018 at 17:24, Joakim Erdfelt wrote: * The IBM JVM is not sane, look into its cipher suites and protocols. A quick comparison shows that it has half the cipher suites that oracle jvm or openjdk has. Not necessarily. At least the JVM for i Series has more or less the same

Re: [jetty-users] keystore

2018-03-14 Thread Joakim Erdfelt
Your server has no handlers, none, completely empty. Perhaps you missed the ... server.setHandler(resourceHandler); Better yet, use ... HandlerList handlers = new HandlerList(); handlers.addHandler(resourceHandler); handlers.addHandler(new DefaultHandler()); // always last

Re: [jetty-users] keystore

2018-03-14 Thread Lou DeGenaro
Have you attempted to configure the SSL Cipher Suites on the Jetty server side? > NO. I'm using vanilla jetty as shipped. Is there something else I need to do? Code shown below. Thanks. Lou. private void server_main(String[] args) { try { // === jetty.xml ===

Re: [jetty-users] keystore

2018-03-14 Thread Joakim Erdfelt
Have you attempted to configure the SSL Cipher Suites on the Jetty server side? If you enable the jetty startup dump you'll see the list of enabled cipher suites and protocols that Jetty is running with (including the reason why a specific available protocol or cipher suite is disabled). $ java

Re: [jetty-users] keystore

2018-03-14 Thread Lou DeGenaro
Still having (likely user error) issues with SSL. I generate my keystore thus: /share/jdk1.8/bin/keytool -genkey -noprompt -alias jetty -dname "CN=my.cn, OU=my.ou, O=my.o, L=my.l, S=my.s, C=my.c" -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 1 -keystore

Re: [jetty-users] keystore

2018-03-12 Thread Greg Wilkins
Any jetty.keystore.password is not set anywhere? if it is set, is it set to your password? Try hard coding it in the XML to debug before playing with parameters. cheers On 11 March 2018 at 06:48, Lou DeGenaro wrote: > yep. > > On Sat, Mar 10, 2018 at 12:59 PM, John

Re: [jetty-users] keystore

2018-03-10 Thread Lou DeGenaro
yep. On Sat, Mar 10, 2018 at 12:59 PM, John English wrote: > On 10/03/2018 16:15, Lou DeGenaro wrote: > >> > default="my-password"/> >> > default="my-password"/> >> > > The keystore password and truststore password are really the same? Are you > sure? > > -- > John

Re: [jetty-users] keystore

2018-03-10 Thread John English
On 10/03/2018 16:15, Lou DeGenaro wrote: default="my-password"/> name="jetty.truststore.password" default="my-password"/> The keystore password and truststore password are really the same? Are you sure? -- John English ___ jetty-users mailing list