Openhabian keystore, runtime.cfg

I tried to use my own self-signed certificate and tried a lot with hints from ChatGPT, but nothing works.
When I delete my keystore:

systemctl stop openhab.service
rm /var/lib/openhab/etc/keystore
systemctl start openhab.service

A new keystore is created, but I don’t know the password of this store. It is not the default: habopen

I tried to create my own keystore and added the respective parameters to /etc/openhab/services/runtime.cfg (and also tried /etc/openhab/runtime.cfg):

# Enable HTTPS
org.openhab.core.security:ssl=true

# Path to the PKCS12 keystore (relative to /etc/openhab)
org.openhab.core.security:keystore=keystore

# Keystore password (default password: habopen)
org.openhab.core.security:keystorePassword=habopen

# Optional: port (default is 8443)
org.openhab.core.security:port=8443

But this seems to be ignored.

keytool -list -storetype PKCS12 -keystore /var/lib/openhab/etc/keystore -storepass habopen
Keytool-Fehler: java.io.IOException: Keystore was tampered with, or password was incorrect

What is wrong here?

Which runtime.cfg is used? Is it used at all?

I have no extra environment variables setting the keystore password. I haven’t added any extra “-D” options in /etc/default/openhab.

The password is “openhab” (unless it’s changed relatively recently).

See SSL with OpenHAB2 - #3 by EdwardV

THX! This password works.

I was able to generate my own cert with san.cnf for additional DNS and IP entries. Remarks:

  • The alias in the keystore has to be “mykey”.
  • The password has to be openhab. Corresponding entries like “org.openhab.core.security:keystorePassword” in (any) runtime.cfg are ignored.

Am I right?

If it works I guess so. I’ve not done this myself. I just remembered there was a post describing how to do it. Someone with more experience will have to chime in, and if you figure it out please let us know.
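
The keystore build described in the remarks above (alias “mykey”, password openhab, SAN entries from san.cnf), as an added example that is not part of the original posts. The host name, IP address, key size, validity, output directory and the service user in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Alias and password are the values the
# posters report; host name, IP, key size and validity are assumptions.
ALIAS=mykey
STOREPASS=openhab

# build_keystore OUTDIR DNSNAME IPADDR: writes OUTDIR/keystore (PKCS12).
# Runs in a subshell so the restrictive umask does not leak to the caller.
build_keystore() (
    out=$1; dns=$2; ip=$3
    umask 077    # private key and keystore readable by the owner only
    cat > "$out/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $dns
[v3_req]
subjectAltName = DNS:$dns, IP:$ip
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$out/san.cnf" \
        -keyout "$out/server.key" -out "$out/server.crt" 2>/dev/null || exit 1
    openssl pkcs12 -export -name "$ALIAS" -passout "pass:$STOREPASS" \
        -inkey "$out/server.key" -in "$out/server.crt" -out "$out/keystore"
)

# keystore_alias KEYSTORE: prints the entry's friendlyName (keytool's alias).
keystore_alias() {
    openssl pkcs12 -in "$1" -passin "pass:$STOREPASS" -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

# keystore_sans KEYSTORE: prints the SAN line of the stored certificate.
keystore_sans() {
    openssl pkcs12 -in "$1" -passin "pass:$STOREPASS" -nokeys 2>/dev/null |
        openssl x509 -noout -text | sed -n 's/^ *\(DNS:.*\)$/\1/p'
}

# Usage as root (keystore path from the thread; service user "openhab" assumed):
#   systemctl stop openhab.service
#   build_keystore /root/oh-cert openhab.example 192.0.2.10
#   install -o openhab -g openhab -m 600 /root/oh-cert/keystore /var/lib/openhab/etc/keystore
#   systemctl start openhab.service
```

Because the store password is a publicly known value, the file mode on the keystore and on server.key is what actually protects the private key.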