
Secure Proxy Server - Failed to load Java keystore (SSL)

Question asked by wasja02 Employee on Aug 17, 2018
Latest reply on Aug 22, 2018 by Hubert Dennis

I am trying to import a signed certificate so that SPS can communicate with https on the backend server and I am receiving a "Failed to load keystore" error in the server.log. (see attachment)

 

I am assuming that one error is preventing me from using https. 

 

Any ideas on what could be wrong or a step that I may have missed to complete the SSL process for the keystore to be loaded properly?

 

I have performed the following steps...

 

1. Create the Cert Request

cd <install-dir>\SSL

..\bin\openssl req -out client2-CSR.csr -new -newkey rsa:2048 -nodes -keyout client2-privateKey.key -config ..\bin\openssl.cnf

 

2. Sign the Request

CSR was signed by CA

Convert cert to DER encoding

..\bin\openssl x509 -in client2-Cert_x509.pem -out client2-Cert_x509.cer -outform der

 

3. Convert private key to encrypted pkcs#8 DER encoding

..\bin\openssl.exe pkcs8 -in client2-privateKey.key -topk8 -v2 des3 -out client2-privateKey-DER.key -outform DER

 


4. Put files in right location:

     Place DER encoded client cert in :  <install-dir>\SSL\clientcert\certs\

            client-Cert_x509.cer

 

     Place encrypted DER encoded private key in :  <install-dir>\SSL\clientcert\key\

            client2-privateKey-DER.key

5. Generate Encrypted Password for server.conf file:

cd <install-dir>\SSL\bin
EncryptUtil.sh password

Encrypted string: U2FsdGVkX18VcMWDmBEJG7CL2edypl03V6Ig1F3gON4=

   

6. Modify the server.conf file :

             

              ClientKeyFile="client2-privateKey-DER.key"

              ClientPassPhrase=U2FsdGVkX1+wxoEp8DCUZ6/pcaHpitr6v88GproScgQ=

 

7. Restart SPS and check the server.log file: 

failed to load keystore  
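
A pre-flight check for the files produced in steps 2 and 3, added here as an example (not part of the original post and not SPS tooling): it confirms the certificate is DER, the key is an encrypted PKCS#8 DER file that the passphrase opens, and the two share a public key. It assumes a POSIX shell with the OpenSSL CLI on PATH; the function names, file names and sample passphrase are constructed, and it does not reproduce how SPS itself loads the keystore.

```shell
#!/bin/sh
# Added example; function names, file names and the passphrase are assumptions.

# True if the file starts with 0x30, the DER SEQUENCE tag (PEM starts with '-').
is_der() { [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; }

# Returns 0 = pair is consistent; 1 = cert is not a DER X.509 certificate;
# 2 = key is unencrypted PKCS#8; 3 = key is not encrypted PKCS#8 DER or the
# passphrase is wrong; 4 = key does not belong to the certificate.
check_client_pair() {
    cert=$1 key=$2 passfile=$3
    is_der "$cert" || { echo "cert: not DER encoded"; return 1; }
    cert_pub=$(openssl x509 -inform DER -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cert: not an X.509 certificate"; return 1; }
    is_der "$key" || { echo "key: not DER encoded"; return 3; }
    # An encrypted key must NOT parse as a plain PrivateKeyInfo.
    if openssl pkcs8 -inform DER -nocrypt -in "$key" >/dev/null 2>&1; then
        echo "key: PKCS#8 DER but not encrypted"; return 2
    fi
    # Decrypt with the passphrase (read from a file, not the command line)
    # and derive the public key from the decrypted private key.
    key_pub=$(openssl pkcs8 -inform DER -in "$key" -passin "file:$passfile" \
        2>/dev/null | openssl pkey -pubout 2>/dev/null) || true
    [ -n "$key_pub" ] || { echo "key: not encrypted PKCS#8, or wrong passphrase"; return 3; }
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 4; }
    echo "ok"
}

# Constructed sample that follows steps 1-3; a self-signed certificate
# stands in for the CA-signed one. Writes its files into directory $1.
make_sample_pair() {
    dir=$1
    printf '%s\n' 'constructed-passphrase' > "$dir/pass.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed-sample" \
        -days 1 -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    openssl x509 -in "$dir/cert.pem" -out "$dir/cert.cer" -outform der
    openssl pkcs8 -in "$dir/key.pem" -topk8 -v2 des3 \
        -passout "file:$dir/pass.txt" -out "$dir/key-enc.der" -outform DER
    # Unencrypted variant, used only to exercise return code 2.
    openssl pkcs8 -in "$dir/key.pem" -topk8 -nocrypt \
        -out "$dir/key-plain.der" -outform DER
}
```

Against real files the call is `check_client_pair <cert.cer> <key.der> <passphrase-file>`, where the passphrase file holds the clear-text passphrase used in step 3, not the EncryptUtil output.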
