johnseekins closed 7 years ago
I think I see why. Because generating the keystore for Rundeck goes like this:
sudo -u rundeck keytool -keystore /etc/rundeck/ssl/keystore -alias rundeck -genkey -keyalg RSA -keypass adminadmin -storepass adminadmin -dname "cn=rundeck, o=Org, c=US"
cp /etc/rundeck/ssl/keystore /etc/rundeck/ssl/truststore
I end up with a keystore that doesn't have any of the regular CA certs in it. Dang.
Got it...
keytool -importkeystore -destkeystore /etc/rundeck/ssl/keystore -srckeystore /etc/ssl/certs/java/cacerts -deststoretype JKS -srcstoretype JKS -deststorepass <pass> -srcstorepass <pass>
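Added example (not part of the thread): a shell check for the situation described above, where a truststore copied from a freshly generated keystore holds only the key pair and none of the regular CA certs. It classifies `keytool -list` output read from stdin; the function names, aliases and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Real use (path from the thread):
#   keytool -list -keystore /etc/rundeck/ssl/truststore -storepass <pass> | audit_truststore

# Count entry types in `keytool -list` output and say whether any CA certs exist.
audit_truststore() {
    awk '
        /, PrivateKeyEntry,/  { priv++ }      # key pair created by -genkey
        /, trustedCertEntry,/ { trusted++ }   # imported CA / peer certificates
        END {
            verdict = (trusted + 0 == 0) ? "missing-ca-certs" : "has-ca-certs"
            printf "private=%d trusted=%d verdict=%s\n", priv, trusted, verdict
        }'
}

# Constructed listing: truststore that is a plain copy of the new keystore.
sample_copied() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

rundeck, Jan 1, 2017, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): <constructed placeholder>
EOF
}

# Constructed listing: same store after the default CA certs were imported.
sample_merged() {
    cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

rundeck, Jan 1, 2017, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): <constructed placeholder>
example-root-ca-1, Jan 1, 2017, trustedCertEntry, 
Certificate fingerprint (SHA-256): <constructed placeholder>
example-root-ca-2, Jan 1, 2017, trustedCertEntry, 
Certificate fingerprint (SHA-256): <constructed placeholder>
EOF
}

sample_copied | audit_truststore
sample_merged | audit_truststore
```

A non-zero `private` count also shows that the private key travelled into the truststore along with the copy.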
I tried your last command and the problem is that the cacert file or directory doesn't exist. Do I need to generate a cacert for Java SSL under "/etc/ssl/certs/java/"?
Yes. You absolutely need a CA for this to work.
Considering I closed this issue almost two years ago and no longer work at the company I was doing this work at...I'm sorry, I don't have the steps. Creating a self-signed certificate does require creating a CA, though. So it should be available already.
When I don't use a self-signed cert, the ec2 node classifier is fine. When I do use a self-signed cert (which we'd really like to do), I consistently get this error: