keystore and certificate on client

  • I would like to get rid of the page warning of untrusted server at the login and tried to feed mycontroller a new keystore.jks:

    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass xxxxxx -validity 360 -keysize 2048
    keytool -export -alias selfsigned -keystore keystore.jks -file root.cer

    Now the server won't start and I get a log message: Keystore was tampered with, or password was incorrect

    When I try to export the original keystore.jks I get an error on the client. Could somebody give me a hint on how to achieve what I intended?

  • @ragflyer

    When I use this command works well. I never pass store password on command. That might be causing issue.

    keytool -genkey -alias selfsigned -keyalg RSA -keystore keystore.jks -validity 360 -keysize 2048

  • OK that worked. Few more things to note for newcomers:

    • password and name of file is stored in mycontroller config file
    • Common Name (keytool asks for First and Lastname) is where you put the server/domain name or IP adress as the browser will check this against the certificate.
    • Now export, copy to client, after import on MacOS find the cert in the keyring (search IP), right click, information, trust, set SSL to always trust. Now the browser should accept it without asking you.

Suggested Topics