Can't you just provide a keystore password? https://stackoverflow.com/questions/12862655/using-an-empty-keystore-password-used-to-be-possible
On Thu, Jul 7, 2022 at 11:42 AM Andy Seaborne <a...@apache.org> wrote: > > Hi Nikolaos, > > > On 06/07/2022 11:04, Nikolaos Beredimas wrote: > > While trying to get Fuseki running over https I found this thread from > > February > > https://jena.markmail.org/message/2kqpd2tlinpdzpna?q=ssl+order:date-backward&page=1 > > > > 1. I can confirm the provided xml works (tested on Fuseki 4.5.0) > > Thanks for confirming that. > > > > > 2. I am having some issues generating the needed pkcs12 certificate file. > > > > a. When trying to generate a password-less pkcs12 file (openssl ... > > -passout pass:) Fuseki doesn't complain when loading it, but I always get > > SSL handshake errors and it doesn't work. > > It is Jetty that is handling the certificate via the JDK. > > Mentions like > > https://stackoverflow.com/questions/58345405/how-to-use-non-password-protected-p12-ssl-certificate-in-spring-boot > > (which is nearly 3 years old) > > suggest a password was needed at some time in the past. Current jetty > documentation does not mention it one way of the other. > > > b. When trying to generate with a password I get mixed results: > > OpenSSL 1.1.1f 31 Mar 2020 running on WSL2 Ubuntu 20.04 works fine. Fuseki > > loads the certificate and works like a charm. > > However, if I use OpenSSL 1.1.1o 3 May 2022 (running on > > docker-linuxserver/docker-swag:latest) I get a strange exception stacktrace: > > > > java.io.IOException: keystore password was incorrect > > at sun.security.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source) ~[?:?] > > at sun.security.util.KeyStoreDelegator.engineLoad(Unknown Source) ~[?:?] > > at java.security.KeyStore.load(Unknown Source) ~[?:?] > > at > > org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:49) > > ~[fuseki-server.jar:4.5.0] > > ... > > Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe > > contents entry: javax.crypto.BadPaddingException: Given final block not > > properly padded. Such issues can arise if a bad key is used during > > decryption. > > ... 28 more > > I'm afraid I don't know what that indicates. > > > > > > > I would appreciate any input to pinpoint and solve any or both issues above. > > We'd be interested in hearing what you find out. > > > > > Regards, > > Nikolaos Beredimas > >