From the example shown under the Configuration heading at
https://karaf.apache.org/manual/latest/webcontainer, it shows

    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore -storepass karaf1234 -validity 360 -keysize 2048

    Now, we can enable and configure the HTTPs connector with this
    keystore in etc/org.ops4j.pax.web.cfg:

    org.osgi.service.http.port.secure=8443
    org.osgi.service.http.secure.enabled=true
    org.ops4j.pax.web.ssl.keystore=/path/to/keystore
    org.ops4j.pax.web.ssl.password=foo
    org.ops4j.pax.web.ssl.keypassword=karaf1234

The documentation at:
https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration says

    To enable SSL support you must set the following properties:

    org.osgi.service.http.secure.enabled to true

    org.ops4j.pax.web.ssl.keystore to the path to the keystore to be
    used. If not set the default path ${user.home}/.keystore is used.

    org.ops4j.pax.web.ssl.password to the password used for keystore
    integrity check. The value can be in plain text or obfuscated (starting
    with OBF:) as described in step 4 of jetty documentation

    org.ops4j.pax.web.ssl.keypassword to the password used for
    keystore. The value can be in plain text or obfuscated (starting with
    OBF:) as described in step 4 of jetty documentation

The above would seem to indicate that the opposite of what you say is actually
true although when I tried setting ...password to the key password and
...keypassword to the store password I couldn't get it to work. I seem to
recall that I tried it the other way around as well and that didn't work either.

Ultimately I ended up regenerating my keystore and dropping the key password
entirely which by default makes the key password the same as the store password
as far as I understand. I then set both properties to the keystore password
value which worked.

I don't know why having a key password that differed from the keystore password
didn't work, but that's what I experienced.

Regards,
Scott
-----Original Message-----
From: Jean-Baptiste Onofré [mailto:[email protected]]
Sent: Friday, October 26, 2018 9:33 PM
To: [email protected]
Subject: Re: Enabling HTTPS
It's for the server side, so yes password is the keystore password and
keypassword is the key password.
Regards
JB
On 26/10/2018 16:02, Leschke, Scott wrote:
> After doing some digging, it would appear that both of these properties
> need to be set to the keystore password.
>
> org.ops4j.pax.web.ssl.password
>
> org.ops4j.pax.web.ssl.keypassword
>
> I’m still curious about the difference between:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true*
>
> Scott
>
>
>
> *From:*Leschke, Scott [mailto:[email protected]]
> *Sent:* Thursday, October 25, 2018 11:21 AM
> *To:* [email protected]
> *Subject:* RE: Enabling HTTPS
>
>
>
> Actually,
>
>
>
> I saw most of that information at:
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration
>
>
>
> It says, Password used for keystore integrity check.
>
>
>
> Where does that pwd come from? The example in the Karaf doc doesn’t
> show (it’s foo).
>
>
>
> *From:*Achim Nierbeck <[email protected]>
> *Sent:* Thursday, October 25, 2018 11:09 AM
> *To:* [email protected]
> *Subject:* Re: Enabling HTTPS
>
>
>
> Hi,
>
>
>
> I'm sure you'll find some of your questions answered here:
> http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration
>
>
>
> regards, Achim
>
>
>
> On Thu, 25 Oct 2018 at 17:59, Leschke, Scott
> <[email protected] <mailto:[email protected]>> wrote:
>
> I’m attempting to get https working by following the instructions
> at: https://karaf.apache.org/manual/latest/webcontainer
>
> I’m confused by the setting for *org.ops4j.pax.web.ssl.password*
>
> What is that intended to be? How is it defined?
>
>
>
> Also, what’s the difference between these:
>
> *org.osgi.service.http.secure.enabled=true*
>
> and
>
> *org.osgi.service.https.enabled=true* ?
>
>
>
> Anyway, I’m getting the following:
>
> Caused by: java.security.UnrecoverableKeyException: failed to
> decrypt safe contents entry: javax.crypto.BadPaddingException: Given
> final block not properly padded. Such issues can arise if a bad key
> is used during decryption.
>
>
>
> My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below.
>
>
>
> Scott
>
>
>
>
>
> org.osgi.service.http.enabled=false
>
> org.osgi.service.http.port=8181
>
>
>
> org.osgi.service.http.port.secure=8443
>
> org.osgi.service.http.secure.enabled=true
>
> org.osgi.service.https.enabled=true
>
>
>
> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
>
> org.apache.karaf.features.configKey=org.ops4j.pax.web
>
>
>
> org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath
>
> org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly
>
> org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD
>
>
>
> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
>
>
>
> --
>
>
> Apache Member
>
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer
> & Project Lead
> blog <http://notizblog.nierbeck.de/>
>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>
>
>
> Software Architect / Project Manager / Scrum Master
>
>
>
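Added example (not part of the thread, and not Karaf or Pax Web code): a small Java check that separates the two passwords discussed above, trying the store password (the role the quoted Pax Web page gives org.ops4j.pax.web.ssl.password) on load and the key password (org.ops4j.pax.web.ssl.keypassword) on each key entry, and reporting which one is rejected. The class name, the passwords and the in-memory PKCS12 store are constructed for illustration, and an AES secret-key entry stands in for the private key that keytool would generate.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import javax.crypto.spec.SecretKeySpec;

public class KeystorePasswordCheck {
    // load() verifies the store password (integrity check);
    // getKey() decrypts a key entry with the key password.
    static String check(InputStream in, String storePass, String keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try {
            ks.load(in, storePass.toCharArray());
        } catch (IOException e) {
            return "store password rejected (" + e.getMessage() + ")";
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            try {
                ks.getKey(alias, keyPass.toCharArray());
            } catch (UnrecoverableKeyException e) {
                return "key password rejected for alias " + alias;
            }
        }
        return "both passwords accepted";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: in-memory PKCS12 store whose key entry is protected
        // by a password different from the store password (values are made up).
        String store = "store-pass-example", key = "key-pass-example";
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry("selfsigned", new SecretKeySpec(new byte[16], "AES"), key.toCharArray(), null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, store.toCharArray());
        byte[] bytes = out.toByteArray();

        // Try the correct pairing, the swapped pairing, and store password for both.
        String[][] cases = {{store, key}, {key, store}, {store, store}};
        for (String[] c : cases) {
            System.out.println("ssl.password=" + c[0] + " ssl.keypassword=" + c[1] + " -> "
                    + check(new ByteArrayInputStream(bytes), c[0], c[1]));
        }
    }
}
```

To run the same check against a real keystore file, pass a FileInputStream for it to check() together with the two values from org.ops4j.pax.web.cfg.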