Won't Serve HTTPS

Posted: Fri Sep 10, 2021 12:45 am
by bcusick
Hey Guys,

I'm super frustrated - and just wanted to see if you had any ideas.... I have a server running swimmingly well with an SSL certificate that expired.
I'm working with an educational institution - so I tried just importing the updated cert into the keystore - but no good.

So I created a new keystore:
Code:
keytool -genkey -alias servoy -keyalg RSA -keysize 2048 -keystore C:\servoy_ssl_certs\servoy.jks


Then converted to pkcs12:
Code:
keytool -importkeystore -srckeystore C:\servoy_ssl_certs\servoy.jks -destkeystore C:\servoy_ssl_certs\servoy.jks -deststoretype pkcs12


I created a new CSR:
Code:
keytool -certreq -alias servoy -file C:\servoy_ssl_certs\servoy2.csr -keystore C:\servoy_ssl_certs\servoy.jks


I got the certificate (with all the intermediates in there) - and added to the keystore:
Code:
keytool -import -trustcacerts -alias servoy2021 -file C:\servoy_ssl_certs\procom_ctsi_ucla_edu.cer -keystore C:\servoy_ssl_certs\servoy.jks 


In the server.xml - I already correctly had this added:

Code:
<Connector port="80" protocol="HTTP/1.1"
           maxThreads="500" connectionTimeout="60000"
           redirectPort="443"
           compression="4096"
           compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css" />

<Connector port="443"
           maxThreads="500"
           connectionTimeout="60000"
           scheme="https"
           secure="true"
           SSLEnabled="true"
           keystoreFile="C:/servoy_ssl_certs/servoy.jks"
           keystorePass="mypassword"
           clientAuth="false" sslProtocol="TLS" />


I then went into the servoy.properties and replaced all the encrypted passwords with plain text (including the keystore password);

Then I started the server with no errors.

But it refuses to use https - even though on the Network Settings it says "SSL initialized ok."

Any ideas?

RESOLVED: Won't Serve HTTPS

Posted: Tue Sep 14, 2021 4:43 pm
by bcusick
Well, as it turns out - I did all the steps correctly!

The issue was with the certificate that was generated by the client's IT folks.

After 2 days of screwing around - they finally got it right.
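
A keystore check for this kind of problem, as an added example that is not part of the original posts: it parses `keytool -list -v` output and reports a key entry that still carries its self-signed certificate, an issued certificate stored apart from the private key, and expired certificates. The sample output and the names `parse_entries`, `not_after` and `audit` are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed `keytool -list -v` output for illustration; not the poster's keystore.
SAMPLE = """\
Alias name: servoy
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=app.example.edu, O=Example University
Issuer: CN=app.example.edu, O=Example University
Valid from: Thu Sep 09 10:00:00 PDT 2021 until: Wed Dec 08 09:00:00 PST 2021

Alias name: servoy2021
Entry type: trustedCertEntry

Owner: CN=app.example.edu, O=Example University
Issuer: CN=Example Issuing CA, O=Example CA Inc
Valid from: Wed Sep 08 17:00:00 PDT 2021 until: Fri Sep 09 16:59:59 PDT 2022
"""
FIELDS = {"type": r"^Entry type: (.+)$", "owner": r"^Owner: (.+)$",
          "issuer": r"^Issuer: (.+)$", "until": r"until: (.+)$"}

def parse_entries(text):
    """One dict per alias; the first match of each field is the leaf certificate's."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        entry = {"alias": block.splitlines()[0].strip()}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, block, re.M)
            entry[key] = m.group(1).strip() if m else None
        entries.append(entry)
    return entries

def not_after(until):
    """Parse 'Wed Dec 08 09:00:00 PST 2021', ignoring the zone abbreviation."""
    _, mon, day, clock, _, year = until.split()
    return datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")

def audit(text, now):
    """Return (alias, problem) pairs for states in which HTTPS cannot present a trusted cert."""
    entries = parse_entries(text)
    keys = [e for e in entries if e["type"] == "PrivateKeyEntry"]
    problems = [] if keys else [("*", "no PrivateKeyEntry in keystore")]
    for e in entries:
        if e in keys and e["owner"] == e["issuer"]:
            problems.append((e["alias"], "key entry still holds a self-signed certificate"))
        if e["type"] == "trustedCertEntry" and e["owner"] in {k["owner"] for k in keys}:
            problems.append((e["alias"], "issued certificate is not attached to the private key"))
        if e["until"] and not_after(e["until"]) < now:
            problems.append((e["alias"], "certificate expired"))
    return problems
```

Feed it the real output with `audit(open("list.txt").read(), datetime.now())`, where `list.txt` is a hypothetical file holding the saved `keytool -list -v` listing; an empty result means none of these three conditions was found.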