I am trying to import a signed certificate so that SPS can communicate with https on the backend server and I am receiving a “Failed to load keystore” error in the server.log. (see attachment)

 

I am assuming that one error is preventing me from using https. 

 

Any ideas on what could be wrong or step that I may have missed to complete the SSL process for the keystore to be loaded properly?

 

I have performed the following steps…

 

1. Create the Cert Request

cd <install-dir>SSL

..binopenssl req -out client2-CSR.csr -new -newkey rsa:2048 -nodes -keyout client2-privateKey.key -config ..binopenssl.cnf

 

2. Sign the Request

CSR was signed by CA

Convert cert to DER encoding

..binopenssl x509 –in client2-Cert_x509.pem -out client2-Cert_x509.cer -outform der

 

3. Convert private key to encrypted pkcs#8 DER encoding

..binopenssl.exe pkcs8 -in client2-privateKey.key -topk8 -v2 des3 -out client2-privateKey-DER.key -outform DER

 


4. Put files in right location:

     Place DER encoded client cert in :  <install-dir>SSLclientcertcerts

            client-Cert_x509.cer

 

     Place encrypted DER encoded private key in :  <install-dir>SSLclientcertkey

            client2-privateKey-DER.key

5. Generate Encrypted Password for server.conf file:

cd <install-dir>SSLbin
EncryptUtil.sh password

Encrypted string: U2FsdGVkX18VcMWDmBEJG7CL2edypl03V6Ig1F3gON4=

   

6. Modify the server.conf file :

             

              ClientKeyFile=”client2-privateKey-DER.key”

              ClientPassPhrase=U2FsdGVkX1+wxoEp8DCUZ6/pcaHpitr6v88GproScgQ=

 

7. Restart SPS and check the server.log file: 

failed to load keystore  


Source: New feed
{pubDate}

Leave a Reply

Your email address will not be published. Required fields are marked *