Closed sanudatta11 closed 2 years ago
And also whats the username for the payara admin web ui?
I ran the below commands
openssl pkcs12 -export -in /etc/letsencrypt/live/yourFQDNhere/fullchain.pem -inkey /etc/letsencrypt/live/yourFQDNhere/privkey.pem -out pkcs.p12 -name letsencrypt
keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore letsencrypt.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass changeit
Always getting error - keytool error: java.io.IOException: keystore password was incorrect
Hi @sanudatta11,
I) The default glassfish admin credentials are username :admin passwrod: adminadmin (if this doesnt work then try blank or no password)
II) To import the lets encrypt certificate into glassfish, do the following: (use the password 'changeit' for all the keystores that you generate below)
Combine the domain.crt and intermediate.pem files that were generated by Let's Encrypt into one file
Create a keystore with the Let's Encrypt cert created in the step 1 above.
shell> openssl pkcs12 -export -in fullchain-from-step#1 -inkey domain.key -out letsencrypt.pkcs12 -name s1as
shell> keytool -importkeystore -destkeystore le-gf-keystore.jks -srckeystore letsencrypt.pkcs12 -srcstoretype PKCS12 -alias s1as
Copy the keystore to the target server
On the target server, save a copy of the old Glassfish keystore.jks file in case something goes wrong (location: /usr/local/strongkey/payara5/glassfish/domains/domain1/config)
Delete the s1as aliased cert in keystore.jks:
shell> keytool -delete -alias s1as -keystore keystore.jks
shell> keytool -importkeystore -srckeystore newkeystore.jks -destkeystore keystore.jks
I have been trying to import a custom letsencrypt certificate to the server but the way java webservers import certs are way different. And I have tried quite a few tutorials and unable to import the keystore file as its always saying
keytool error: java.io.IOException: keystore password was incorrect mostly for the destination
I was hoping if you guys can create/help me create a script which internally calls certbot or else at least a script where we can pass the certificate path where the pem files are located.