No, just using the default connector created via etc/org.ops4j.pax.web.cfg works for me as well.
Regards JB On 28/10/2018 14:29, Leschke, Scott wrote: > No I have not modified etc/jetty.xml. Does that have to be updated as well? > > -----Original Message----- > From: Jean-Baptiste Onofré [mailto:j...@nanthrax.net] > Sent: Saturday, October 27, 2018 9:16 AM > To: user@karaf.apache.org > Subject: Re: Enabling HTTPS > > Hi, > > just to be sure, you don't use and have etc/jetty.xml ? > > I just tested and it works fine using different password for key and > keystore. > > Regards > JB > > On 27/10/2018 15:11, Leschke, Scott wrote: >> From the example shown under the Configuration heading at >> https://karaf.apache.org/manual/latest/webcontainer, it shows >> >> >> >> keytool -genkey -keyalg RSA -alias selfsigned -keystore >> keystore -storepass karaf1234 -validity 360 -keysize 2048 >> >> >> >> Now, we can enable and configure the HTTPs connector with >> this keystore in etc/org.ops4j.pax.web.cfg: >> >> >> >> org.osgi.service.http.port.secure=8443 >> >> org.osgi.service.http.secure.enabled=true >> >> org.ops4j.pax.web.ssl.keystore=/path/to/keystore >> >> org.ops4j.pax.web.ssl.password=foo >> >> org.ops4j.pax.web.ssl.keypassword=karaf1234 >> >> >> >> The documentation at: >> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration >> says >> >> >> >> To enable SSL support you must set the following properties: >> >> >> >> org.osgi.service.http.secure.enabled to true >> >> org.ops4j.pax.web.ssl.keystore to the path to the >> keystore to be used. If not set the default path ${user.home}/.keystore >> is used. >> >> org.ops4j.pax.web.ssl.password to the password used for >> keystore integrity check. The value can be in plain text or obfuscated ( >> starting with OBF: ) as described in step 4 of jetty >> documentation >> >> org.ops4j.pax.web.ssl.keypassword to the password used >> for keystore. The value can be in plain text or obfuscated ( starting >> with OBF: ) as described in step 4 of >> jetty documentation >> >> >> >> The above would seem to indicate that the opposite of what you say is >> actually true although when I tried setting ...password to the key >> password and ...keypassword to the store password I couldn't get it to >> work. I seem to recall that I tried it the other way around as well and >> that didn't work either. >> >> Ultimately I ended up regenerating my keystore and dropping the key >> password entirely which by default makes the key password the same as >> the store password as far as I understand. I then set both properties >> to the keystore password value which worked. >> >> >> >> I don't know why having a key password that differed from the keystore >> password it didn't work but that's what I experienced. >> >> >> >> Regards, >> >> >> >> Scott >> >> >> >> -----Original Message----- >> From: Jean-Baptiste Onofré [mailto:j...@nanthrax.net] >> Sent: Friday, October 26, 2018 9:33 PM >> To: user@karaf.apache.org >> Subject: Re: Enabling HTTPS >> >> >> >> It's for the server side, so yes password is the keystore password and >> >> keypassword is the key password. >> >> >> >> Regards >> >> JB >> >> >> >> On 26/10/2018 16:02, Leschke, Scott wrote: >> >>> After doing some digging, it would appear that both of these properties >> >>> need to be set to the keystore password. >> >>> >> >>> org.ops4j.pax.web.ssl.password >> >>> >> >>> org.ops4j.pax.web.ssl.keypassword >> >>> >> >>> I’m still curious about the difference between: >> >>> >> >>> *org.osgi.service.http.secure.enabled=true* >> >>> >> >>> and >> >>> >> >>> *org.osgi.service.https.enabled=true* >> >>> >> >>> Scott >> >>> >> >>> >> >>> >> >>> *From:*Leschke, Scott [mailto:slesc...@medline.com] >> >>> *Sent:* Thursday, October 25, 2018 11:21 AM >> >>> *To:* user@karaf.apache.org >> >>> *Subject:* RE: Enabling HTTPS >> >>> >> >>> >> >>> >> >>> Actually, >> >>> >> >>> >> >>> >> >>> I saw most of that information at: >> >>> >> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration >> >>> >> >>> >> >>> >> >>> It says, Password used for keystore integrity check. >> >>> >> >>> >> >>> >> >>> Where does that pwd come from? The example in the Karaf doc doesn’t >> >>> show (it’s foo). >> >>> >> >>> >> >>> >> >>> *From:*Achim Nierbeck <bcanh...@googlemail.com> >> >>> *Sent:* Thursday, October 25, 2018 11:09 AM >> >>> *To:* user@karaf.apache.org >> >>> *Subject:* Re: Enabling HTTPS >> >>> >> >>> >> >>> >> >>> Hi, >> >>> >> >>> >> >>> >> >>> I'm sure you'll find some of your questions answered here: >> >>> http://ops4j.github.io/pax/web/SNAPSHOT/User-Guide.html#ssl-configuration >> >>> >> >>> >> >>> >> >>> regards, Achim >> >>> >> >>> >> >>> >> >>> Am Do., 25. Okt. 2018 um 17:59 Uhr schrieb Leschke, Scott >> >>> <slesc...@medline.com <mailto:slesc...@medline.com>>: >> >>> >> >>> I’m attempting to get https working by following the instructions >> >>> at: https://karaf.apache.org/manual/latest/webcontainer >> >>> >> >>> I’m confused by the setting for *org.ops4j.pax.web.ssl.password* >> >>> >> >>> What is that intended to be. How is it defined? >> >>> >> >>> >> >>> >> >>> Also, what’s the difference between these: >> >>> >> >>> *org.osgi.service.http.secure.enabled=true* >> >>> >> >>> and >> >>> >> >>> *org.osgi.service.https.enabled=true* ? >> >>> >> >>> >> >>> >> >>> Anyway, I’m getting the following: >> >>> >> >>> Caused by: java.security.UnrecoverableKeyException: failed to >> >>> decrypt safe contents entry: javax.crypto.BadPaddingException: Given >> >>> final block not properly padded. Such issues can arise if a bad key >> >>> is used during decryption. >> >>> >> >>> >> >>> >> >>> My org.ops4j.pax.web.cfg (slightly obfuscated) is shown below. >> >>> >> >>> >> >>> >> >>> Scott >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> org.osgi.service.http.enabled=false >> >>> >> >>> org.osgi.service.http.port=8181 >> >>> >> >>> >> >>> >> >>> org.osgi.service.http.port.secure=8443 >> >>> >> >>> org.osgi.service.http.secure.enabled=true >> >>> >> >>> org.osgi.service.https.enabled=true >> >>> >> >>> >> >>> >> >>> org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml >> >>> >> >>> org.apache.karaf.features.configKey=org.ops4j.pax.web >> >>> >> >>> >> >>> >> >>> org.ops4j.pax.web.ssl.keystore=c:/KeyStorePath >> >>> >> >>> org.ops4j.pax.web.ssl.password=?? Not sure what this is exactly >> >>> >> >>> org.ops4j.pax.web.ssl.keypassword=MyKeystorePWD >> >>> >> >>> >> >>> >> >>> javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp >> >>> >> >>> >> >>> >> >>> -- >> >>> >> >>> >> >>> Apache Member >> >>> >> >>> Apache Karaf <http://karaf.apache.org/> Committer & PMC >> >>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer >> >>> & Project Lead >> >>> blog <http://notizblog.nierbeck.de/> >> >>> >> >>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS> >> >>> >> >>> >> >>> >> >>> Software Architect / Project Manager / Scrum Master >> >>> >> >>> >> >>> >>
