bozimmerman / CoffeeMud

Full featured, mature MUD supporting MSP, MXP, OLC, with a web server, mail server, and MORE!
Apache License 2.0

no available authentication scheme #47

Closed Cayleth closed 3 years ago

Cayleth commented 3 years ago

OK I've been going back and forth on whether to do an issue for this, but given that my cert seems to work under other servers, I feel like this is at least a documentation issue.

So what kind of format exactly does the keystore need to be in? I tried a million different ways to set it up right... I cat'd the private key to the chain bundle, openssl'd it to x509, created a jks keystore with the key... The guy at the SSL support said for java it should be in a jks keystore, but not as x509, as pfx. I tried doing it with the fullchain pem, I tried so many things..... There are so many conflicting instructions out there....

What are the ACTUAL, step-by-step instructions to follow, to get the bloody SSL cert working under this thing? Or at least a detailed explanation of a final format that will WORK? Please?

I read something about DER not working with SSLv3, so I tried new private keys that were RSA, and I tried changing the context call from SSLv3 to a couple other things.... I've been at this for almost a week now, and I don't feel like I can start the bloody thing without SSL because I don't want it to be hacked the minute it goes up.

I guess I can do a whole PHP thing for the macros/DL support, or else rip it from the codebase, but now I'm starting to be more a web developer than a mud developer. :/

Cayleth commented 3 years ago

So, what you actually need to do is concatenate the PEM certificates, in order, beginning with the private key, and including the entire bundle, into a single file.

```
openssl x509 -in keypems.cat -trustout -out jksready.x509
keytool -importcert -keystore mudstore.jks -storetype jks -file jksready.x509 -alias mudkey
```

The order is super important, apparently, and certificate bundles also apparently aren't always in the right order. That threw me off for days. I'll post a doc update when I get a chance. I think.
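
A way to inspect what a keystore such as the `mudstore.jks` mentioned in this thread actually contains, added here as an example and not taken from the issue or from CoffeeMud's code: it lists each alias, says whether it holds a private key with a certificate chain (which a Java TLS server needs to identify itself), and checks that the chain is ordered leaf first. The class name `KeystoreCheck` is hypothetical, and Java 11 or later is assumed.

```java
import java.io.Console;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not CoffeeMud code). Run: java KeystoreCheck.java mudstore.jks
public class KeystoreCheck {

    // True when each certificate verifies against the public key of the next
    // one, i.e. the chain is ordered leaf first, then its issuers.
    static boolean chainInOrder(Certificate[] chain) {
        for (int i = 0; i + 1 < chain.length; i++) {
            try {
                chain[i].verify(chain[i + 1].getPublicKey());
            } catch (Exception e) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage: java KeystoreCheck.java <keystore> (from a terminal)");
            System.exit(2);
        }
        // Prompt instead of taking the password as an argument, so it stays
        // out of the shell history and the process list.
        char[] password = console.readPassword("Keystore password: ");
        // Java 9+: detects JKS or PKCS12 from the file contents.
        KeyStore store = KeyStore.getInstance(new File(args[0]), password);

        int usable = 0;
        for (String alias : Collections.list(store.aliases())) {
            Certificate[] chain = store.getCertificateChain(alias);
            if (!store.isKeyEntry(alias) || chain == null) {
                System.out.println(alias + ": no private key with certificate chain");
                continue;
            }
            boolean ordered = chainInOrder(chain);
            String leaf = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
            System.out.println(alias + ": private key + " + chain.length + " certificate(s), leaf="
                    + leaf + ", chain order " + (ordered ? "ok" : "BROKEN"));
            if (ordered) usable++;
        }
        System.out.println(usable + " alias(es) usable for a TLS server");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

The exit status is 0 only when at least one alias carries a private key with a correctly ordered chain, so the check can run in a deployment script before the server is started.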