Posted to user@openmeetings.apache.org by ratatouille <ra...@bitclusive.de> on 2020/04/10 14:52:38 UTC

Problem importing root.crt into keystore.jks

Hello!

I exported existing letsencrypt certificate into PKCS12 format. That went well.

Then I imported resulting red5.p12 into keystore, fine.

Executing
keytool -import -alias root -keystore /home/andreas/om/conf/keystore.jks -trustcacerts -file /home/andreas/rootcert.pem

gives an error after entering the password:
Keytool-Fehler: java.io.IOException: Keystore was tampered with, or password was incorrect

Surely the password is correct.

Does somebody have a hint for me?

  Andreas
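
Added example, not part of the original thread: the error quoted in the post above is what a JKS keystore loader reports when its integrity digest does not match. That digest is a SHA-1 over the store password, a fixed string and the file contents, kept in the last 20 bytes of the file. The Python code below reproduces the check on a constructed, empty keystore; the function names and sample passwords are illustrative.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED          # first four bytes of every JKS file
WHITENER = b"Mighty Aphrodite"  # fixed string mixed into the JKS digest


def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over password (two bytes per char, big-endian) + fixed string + body."""
    h = hashlib.sha1()
    h.update(password.encode("utf-16-be"))
    h.update(WHITENER)
    h.update(body)
    return h.digest()


def build_empty_jks(password: str) -> bytes:
    """Constructed sample input: a JKS keystore with zero entries."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)  # magic, version 2, entry count
    return body + jks_digest(password, body)


def check_store(data: bytes, password: str) -> str:
    """Repeat the integrity check and report what can be determined."""
    # 12-byte header plus 20-byte digest is the smallest possible JKS file.
    if len(data) < 32 or struct.unpack(">I", data[:4])[0] != JKS_MAGIC:
        return "not a JKS file"
    body, stored = data[:-20], data[-20:]
    if hmac.compare_digest(jks_digest(password, body), stored):
        return "ok"
    # A wrong password and a modified file both end here: the digest simply
    # does not match, so the loader cannot tell the two cases apart.
    return "tampered or wrong password"


if __name__ == "__main__":
    store = build_empty_jks("sample-store-pass")      # constructed keystore
    print(check_store(store, "sample-store-pass"))    # password it was created with
    print(check_store(store, "another-pass"))         # different password
```

Running `keytool -list -keystore <path>` performs the same check without changing the store, which confirms the password before any import is attempted.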

Re: Problem importing root.crt into keystore.jks

Posted by ratatouille <ra...@bitclusive.de>.
I just see this in the logfile:

2020-04-10 18:35:36,267 [NioProcessor-9] WARN  o.r.s.net.rtmps.RTMPSMinaIoHandler - Keystore or Truststore file does not exist
2020-04-10 18:35:36,280 [NioProcessor-9] INFO  o.r.s.net.rtmp.RTMPMinaIoHandler - Close already forced on this session: 16
2020-04-10 18:36:05,524 [NioProcessor-10] WARN  o.r.s.net.rtmps.RTMPSMinaIoHandler - Keystore or Truststore file does not exist
2020-04-10 18:36:05,537 [NioProcessor-10] INFO  o.r.s.net.rtmp.RTMPMinaIoHandler - Close already forced on this session: 17
2020-04-10 18:36:05,611 [NioProcessor-11] WARN  o.r.s.net.rtmps.RTMPSMinaIoHandler - Keystore or Truststore file does not exist
2020-04-10 18:36:05,614 [NioProcessor-11] INFO  o.r.s.net.rtmp.RTMPMinaIoHandler - Close already forced on this session: 18

hmmm

  Andreas

ratatouille <ra...@bitclusive.de> wrote on 10.04.20 at 18:27:07:

> Hello!
> 
> In your manual you are using the same command sequence as I did, with the
> corresponding paths.
> keytool -import -alias root -keystore /home/andreas/om/conf/keystore.jks -trustcacerts -file /home/andreas/rootcert.pem
> 
> Where I assume rootcert.pem is the root cert of letsencrypt and it's stored in my
> home folder.
> 
> I get the same error when I want to import the intermediate certificate of letsencrypt.
> 
> Don't know what's wrong at the moment. This certificate stuff is very complex, though.
> 
>   Andreas


Re: Problem importing root.crt into keystore.jks

Posted by ratatouille <ra...@bitclusive.de>.
Hello!

In your manual you are using the same command sequence as I did, with the
corresponding paths.
keytool -import -alias root -keystore /home/andreas/om/conf/keystore.jks -trustcacerts -file /home/andreas/rootcert.pem

Where I assume rootcert.pem is the root cert of letsencrypt and it's stored in my
home folder.

I get the same error when I want to import the intermediate certificate of letsencrypt.

Don't know what's wrong at the moment. This certificate stuff is very complex, though.

  Andreas


"K. Kamhamea" <ka...@googlemail.com> wrote on 10.04.20 at 18:10:30:

> Did you check this manual?
> https://cwiki.apache.org/confluence/display/OPENMEETINGS/OpenMeetings+5+Manual
> 
> I wrote a section about SSL where I answered exactly that question. The
> instruction you used is outdated though.
> 
> Let me know if you have some suggestions for improvement.
> 
> K.


Re: Problem importing root.crt into keystore.jks

Posted by "K. Kamhamea" <ka...@googlemail.com>.
Did you check this manual?
https://cwiki.apache.org/confluence/display/OPENMEETINGS/OpenMeetings+5+Manual

I wrote a section about SSL where I answered exactly that question. The
instruction you used is outdated though.

Let me know if you have some suggestions for improvement.

K.

On Fri, 10 Apr 2020 at 16:52, ratatouille <
ratatouille@bitclusive.de> wrote:

> Hello!
>
> I exported existing letsencrypt certificate into PKCS12 format. That went
> well.
>
> Then I imported resulting red5.p12 into keystore, fine.
>
> Executing
> keytool -import -alias root -keystore /home/andreas/om/conf/keystore.jks
> -trustcacerts -file /home/andreas/rootcert.pem
>
> gives an error after entering the password:
> Keytool-Fehler: java.io.IOException: Keystore was tampered with, or
> password was incorrect
>
> Surely the password is correct.
>
> Does somebody have a hint for me?
>
>   Andreas
>

Re: Problem importing root.crt into keystore.jks

Posted by ratatouille <ra...@bitclusive.de>.
ratatouille <ra...@bitclusive.de> wrote on 10.04.20 at 16:52:38:

> Hello!
> 
> I exported existing letsencrypt certificate into PKCS12 format. That went well.
> 
> Then I imported resulting red5.p12 into keystore, fine.
> 
> Executing
> keytool -import -alias root -keystore /home/andreas/om/conf/keystore.jks -trustcacerts -file /home/andreas/rootcert.pem
> 
> gives an error after entering the password:
> Keytool-Fehler: java.io.IOException: Keystore was tampered with, or password was incorrect
> 
> Surely the password is correct.

I used "Create Keystore using existing key-pair" from
https://om.alteametasoft.com/openmeetings/docs/RTMPSAndHTTPS.html
for advice.

Must the password for the keystore be set somewhere in $om config?

  Andreas

Re: Problem importing root.crt into keystore.jks

Posted by ratatouille <ra...@bitclusive.de>.
I made a mistake regarding -deststorepass wrongpassword.

Now I was able to import rootcert.pem and intermediatecert.pem

Thank you for your patience!

I have another problem now connecting to socket. I'll open another
thread.

  Andreas


"K. Kamhamea" <ka...@googlemail.com> wrote on 10.04.20 at 20:04:07:

> Thank you for giving me some feedback to the manual I've written. Such
> feedback is so important to improve, and I learned that I have to make it
> more explicit.
> 
> Checklist
> 1. Please make sure you named the certificates correctly.
> 2. Please make sure that the password is set correctly (The script from
> that website uses passwrd or something like that instead of openmeetings)
> 3. If the error occurs with the root certificate only, you can easily ignore
> it. Although it is mentioned with the keystore documentation it is no
> longer necessary. It works without it. See the very last sentence in my
> manual.
> 
> Best K.


Re: Problem importing root.crt into keystore.jks

Posted by Maxim Solodovnik <so...@gmail.com>.
On Sat, 11 Apr 2020 at 01:04, K. Kamhamea <ka...@googlemail.com> wrote:

> Thank you for giving me some feedback to the manual I've written. Such
> feedback is so important to improve, and I learned that I have to make it
> more explicit.
>
> Checklist
> 1. Please make sure you named the certificates correctly.
> 2. Please make sure that the password is set correctly (The script from
> that website uses passwrd or something like that instead of openmeetings)
>

just curious why password should be `openmeetings`?


> 3. If the error occurs with the root certificate only, you can easily
> ignore it. Although it is mentioned with the keystore documentation it is
> no longer necessary. It works without it. See the very last sentence in my
> manual.
>
> Best K.

-- 
Best regards,
Maxim

Re: Problem importing root.crt into keystore.jks

Posted by "K. Kamhamea" <ka...@googlemail.com>.
Thank you for giving me some feedback to the manual I've written. Such
feedback is so important to improve, and I learned that I have to make it
more explicit.

Checklist
1. Please make sure you named the certificates correctly.
2. Please make sure that the password is set correctly (The script from
that website uses passwrd or something like that instead of openmeetings)
3. If the error occurs with the root certificate only, you can easily ignore
it. Although it is mentioned with the keystore documentation it is no
longer necessary. It works without it. See the very last sentence in my
manual.

Best K.

On Fri, 10 Apr 2020 at 16:52, ratatouille <
ratatouille@bitclusive.de> wrote:

> Hello!
>
> I exported existing letsencrypt certificate into PKCS12 format. That went
> well.
>
> Then I imported resulting red5.p12 into keystore, fine.
>
> Executing
> keytool -import -alias root -keystore /home/andreas/om/conf/keystore.jks
> -trustcacerts -file /home/andreas/rootcert.pem
>
> gives an error after entering the password:
> Keytool-Fehler: java.io.IOException: Keystore was tampered with, or
> password was incorrect
>
> Surely the password is correct.
>
> Does somebody have a hint for me?
>
>   Andreas
>