3

So I bought a certificate. I got a certificate, a key, and an intermediate that has 2 beginnings; I don't know if that counts or should be added as a separate intermediate.

I added the certificate and the intermediate like this.

keytool -import -trustcacerts -alias rootmydomain -file rootmydomain.crt -keystore mykeystore.keystore
keytool -import -trustcacerts -alias interm.mydomain -file interm.mydomain.crt -keystore mykeystore.keystore 

I didn't have a problem so far; it created a mykeystore.keystore file in my wildfly/standalone/configuration/ folder. I was even able to list my entries in mykeystore.keystore.

Then added the following to my standalone.xml.

<security-realm name="ssl-realm">
   <server-identities>
       <ssl>
           <keystore path="mykeystore.keystore" relative-to="jboss.server.config.dir" keystore-password="mypassword" alias="rootmydomain" key-password="mypassword"/>
       </ssl>
   </server-identities>
</security-realm>

And I get the following error:

04:55:22,538 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.server.controller.management.security_realm.ssl-realm.key-manager: org.jboss.msc.service.StartException in service jboss.server.controller.management.security_realm.ssl-realm.key-manager: WFLYDM0083: The KeyStore /opt/wildfly-10.0.0.Final/standalone/configuration/mykeystore.keystore does not contain any keys.        

I had the same configuration with a cert generated by myself and it worked. I don't know why I am not able to make it work like this.

INDIA IT TECH
Juan Diego

1 Answer

4

Based on the commands you issued, there are indeed no keys in your keystore, just certificates. You need to get your private key in the keystore in order for Wildfly to be able to pick it up.

"Importing an existing x509 certificate and private key in Java keystore to use in ssl" is an example of how it can be done.

Community
Dominique Toupin
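
One way to do what the answer describes, as an added example (not code from the question or the answer): bundle the key, certificate and intermediate chain with openssl, import the bundle as a single key entry, and check the `keytool -list` output for a `PrivateKeyEntry` before pointing WildFly at the keystore. The key file name `mydomain.key`, the `KS_PASS` environment variable, the function names and the sample listings are assumptions constructed for illustration; a chain file holding two PEM blocks is passed whole via `-certfile`.

```shell
#!/bin/sh
# Added example. mydomain.key and KS_PASS are assumptions, not from the post.

# Bundle private key + server cert + intermediate chain into one PrivateKeyEntry.
# The password is read from the KS_PASS environment variable, so it stays out of argv.
# usage: build_keystore mydomain.key rootmydomain.crt interm.mydomain.crt rootmydomain new.keystore
build_keystore() {
    key=$1 cert=$2 chain=$3 alias=$4 out=$5
    p12=$(mktemp) || return 1
    openssl pkcs12 -export -inkey "$key" -in "$cert" -certfile "$chain" \
        -name "$alias" -out "$p12" -passout env:KS_PASS &&
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -srcalias "$alias" \
        -destkeystore "$out" -deststoretype JKS \
        -deststorepass:env KS_PASS -destkeypass:env KS_PASS
    rc=$?
    rm -f "$p12"   # the temporary bundle holds the private key; do not leave it behind
    return "$rc"
}

# Print the entry type that `keytool -list` reports for an alias (listing on stdin).
entry_type() {
    awk -v a="$1" '
        index($0, a ", ") == 1 &&
        match($0, /PrivateKeyEntry|trustedCertEntry|SecretKeyEntry/) {
            print substr($0, RSTART, RLENGTH); exit
        }'
}

# Succeeds only if the alias holds a private key, which the WildFly key manager needs.
has_private_key() { [ "$(entry_type "$1")" = "PrivateKeyEntry" ]; }

# Constructed `keytool -list` lines: after the two -import commands from the
# question, and after build_keystore has been run into a fresh keystore file.
LISTING_IMPORT_ONLY='interm.mydomain, Jan 1, 2017, trustedCertEntry,
rootmydomain, Jan 1, 2017, trustedCertEntry,'
LISTING_WITH_KEY='rootmydomain, Jan 1, 2017, PrivateKeyEntry, '
```

To check a real keystore, pipe `keytool -list -keystore new.keystore -storepass:env KS_PASS` into `has_private_key rootmydomain`.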