• header.categories
    • header.recent
    • header.tags
    • header.popular
    • register
    • login

    keystore and certificate on client

    scheduled pinned locked moved General Discussion
    3 posts 2 posters 2.0k views 1 watching
    loading-more-posts
    • oldest-to-newest
    • newest-to-oldest
    • most-votes
    reply
    • reply-as-topic
    guest-login-reply
    deleted-message
    • R offline
      ragflyer
      global:last-edited-by, jkandasa

      I would like to get rid of the page warning of untrusted server at the login and tried to feed mycontroller a new keystore.jks:

      keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass xxxxxx -validity 360 -keysize 2048
      keytool -export -alias selfsigned -keystore keystore.jks -file root.cer
      

      Now the server won't start and I get a log message:
      java.io.IOException: Keystore was tampered with, or password was incorrect

      When I try to export the original keystore.jks I get an error on the client. Could somebody give me a hint on how to achieve what I intended?

      jkandasaJ one-reply-to-this-post last-reply-time reply quote 0
      • jkandasaJ offline
        jkandasa @ragflyer
        global:last-edited-by,

        @ragflyer

        When I use this command works well. I never pass store password on command. That might be causing issue.

        keytool -genkey -alias selfsigned -keyalg RSA -keystore keystore.jks -validity 360 -keysize 2048
        
        
        one-reply-to-this-post last-reply-time reply quote 0
        • R offline
          ragflyer
          global:last-edited-by, ragflyer

          OK that worked. Few more things to note for newcomers:

          • password and name of file is stored in mycontroller config file
          • Common Name (keytool asks for First and Lastname) is where you put the server/domain name or IP adress as the browser will check this against the certificate.
          • Now export, copy to client, after import on MacOS find the cert in the keyring (search IP), right click, information, trust, set SSL to always trust. Now the browser should accept it without asking you.
          one-reply-to-this-post last-reply-time reply quote 1
          • first-post
            last-post

          0

          online

          644

          users

          532

          topics

          3.4k

          posts
          Copyright © 2015-2025 MyController.org | Contributors | Localization