Setup SSL certificate - Do not want to use default certificate

Thu, 09 Apr 2020 05:13:21 -0700 

Hi,

I have to use CA certified certificate in ofbiz. I have domain.crt file
with me(got it from CA). I tried below steps but no success. Please let me
know how i can set up my own certificate in ofbiz?

1. Created a keystore ofbiz_new.jks from certificate domain.crt.
2. Updated framework/catalina/ofbiz-component.xml file.
     <property name="keystoreFile"
value="framework/base/config/ofbiz_new.jks"/>
            <property name="keystoreType" value="JKS"/>
            <property name="keyAlias" value="ofbizkey"/>   <!-- This value
is key alias, that i am giving when creating keystore using certificate-->
            <property name="keyPass" value=" ofbizpass"/>  <!-- this is key
store password ( i have doubt about this)   -->
3. Added the pem file in systems java cacerts file.

I followed this link.
https://cwiki.apache.org/confluence/display/OFBIZ/Apache+OFBiz+Technical+Production+Setup+Guide#ApacheOFBizTechnicalProductionSetupGuide-SSLCertificateSetup

Point 4:  Please remember to download the Certificate in PKCS#7 format. (
But i got a .crt file. I can generate a pem file from this. Do i need to
generate pem file and then create der file. But what to do after that.)
Point 6: Configure the ofbiz-containers.xml (framework/base/config) file to
point to your new keystore and password ( I did not find  find any entry in
this file) If using Tomcat (Catalina), which is the default, find the
"catalina-container" -> "https-connector" -> "keystoreFile" and
"keystorePass" properties and set them.

I started ofbiz but i am getting this error.
Caused by: java.io.IOException: Keystore was tampered with, or password was
incorrect
        at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:785)
        at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
        at
sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
        at
sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
        at java.security.KeyStore.load(KeyStore.java:1445)
        at
org.apache.tomcat.util.security.KeyStoreUtil.load(KeyStoreUtil.java:69)
        at
org.apache.tomcat.util.net.SSLUtilBase.getStore(SSLUtilBase.java:209)
        at
org.apache.tomcat.util.net.SSLHostConfigCertificate.getCertificateKeystore(SSLHostConfigCertificate.java:206)
        at
org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:272)
        at
org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:239)
        at
org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:97)
        ... 20 more
Caused by: java.security.UnrecoverableKeyException: Password verification
failed
        at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:783)


When i tried to use the existing keystore:
1. i imported my certificate in ofbizssl.jks.
2. updated  framework/catalina/ofbiz-component.xml with new keyAlias.
When i restarted ofbiz, i got* java.io.IOException: jsse.alias_no_key_entry*
this error.
-- 
Thanks & Regards
Vipin Nirwal

Reply via email to