Hello.
I replaced MY keystore certificate with my real one. I also changed the password(s). I made all the changes in runtime\etc\jetty.xml:
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
    <Set name="KeyStorePath"><SystemProperty name="jetty.keystore.path" default="/etc/myKeystore" /></Set>
    <Set name="KeyStorePassword"><SystemProperty name="jetty.ssl.password" default="OBF:mysecretkey" /></Set>
    <Set name="KeyManagerPassword"><SystemProperty name="jetty.ssl.keypassword" default="OBF:mysecretkey" /></Set>
    <Set name="TrustStorePath"><SystemProperty name="jetty.truststore.path" default="/etc/myKeystore" /></Set>
    <Set name="TrustStorePassword"><SystemProperty name="jetty.ssl.password" default="OBF:mysecretkey" /></Set>
    <Set name="EndpointIdentificationAlgorithm"></Set>
    <Set name="NeedClientAuth"><SystemProperty name="jetty.ssl.needClientAuth" default="false" /></Set>
    <Set name="WantClientAuth"><SystemProperty name="jetty.ssl.wantClientAuth" default="false" /></Set>
</New>
Now I have a secure connection, but openHAB complains at every boot that it cannot create a certificate.
How do I remove this error? I understand that I have to use SSL through a reverse proxy, but I need this approach.
Why does it complain about the password if it uses it later without problems?
2022-07-01 15:20:38.642 [ERROR] [ficate.internal.CertificateGenerator] - Failed to generate a new SSL Certificate.
java.security.KeyStoreException: Failed to load the keystore R:\servers\openhab\userdata\etc\keystore
at org.openhab.core.io.jetty.certificate.internal.CertificateGenerator.ensureKeystore(CertificateGenerator.java:132) ~[bundleFile:?]
at org.openhab.core.io.jetty.certificate.internal.CertificateGenerator.start(CertificateGenerator.java:88) [bundleFile:?]
at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(BundleContextImpl.java:813) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.internal.framework.BundleContextImpl$2.run(BundleContextImpl.java:1) [org.eclipse.osgi-3.17.200.jar:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:805) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:762) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1032) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:371) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.Module.doStart(Module.java:605) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.Module.start(Module.java:468) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$2.run(ModuleContainer.java:1847) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor$1$1.execute(EquinoxContainerAdaptor.java:136) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1840) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1783) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1745) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1667) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234) [org.eclipse.osgi-3.17.200.jar:?]
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345) [org.eclipse.osgi-3.17.200.jar:?]
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:795) ~[?:?]
at sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1479) ~[?:?]
at org.openhab.core.io.jetty.certificate.internal.CertificateGenerator.ensureKeystore(CertificateGenerator.java:130) ~[bundleFile:?]
... 19 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:793) ~[?:?]
at sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1479) ~[?:?]
at org.openhab.core.io.jetty.certificate.internal.CertificateGenerator.ensureKeystore(CertificateGenerator.java:130) ~[bundleFile:?]
... 19 more