SSL Installation on the mango cloud
-
Hi Jerrry
Welcome to the forum. Please could you edit your post so that the ma.log text is inside a code element. It makes it a lot easier to scroll and copy.
Text
ERROR 2019-07-08T12:20:50,153 (com.serotonin.m2m2.Main.main:142) - Error during initialization java.io.IOException: Keystore was tampered with, or password was incorrect
Can you confirm that the keystore password is correct?
Can you also show us which forum thread you followed. -
This thread here provides a handy step by step on how to apply the cert given your version of mango. If you upgrade to the latest version you will have the ability to use letsEncrypt certs which can update on the fly. That was implemented from 3.5.3 I believe.
https://forum.infiniteautomation.com/topic/3725/external-ip/8
Alternatively if you're running multiple web services on the same server, a proxy might suit you more.
Fox
-
Hi Graig!
Thanks for your response,I have created my keystore .jdk using windows key tool.and i pasted it in the directory as shown on the mango.i have not use a password to generate my key.
this is the link i got information from: https://forum.infiniteautomation.com/topic/3725/external-ip/7 -
Hi Jerry
Did you use a password when creating the keystore, not the key? The logs show Mango cannot access the keystore.
What did you put on this line in your env.properties:
ssl.keystore.password=morethan6characters
-
Hi craigweb i did put : ssl.keystore.password=freetextpassword
-
@jmbayo said in SSL Installation on the mango cloud:
Caused by: java.security.UnrecoverableKeyException: Password verification failed
Your logs show that the password is not correct. You need to first test your password on the keystore.
-
this is the link i got information from: https://forum.infiniteautomation.com/topic/3725/external-ip/7
Did you use the keytool command exactly as it appears in this thread? If so, your keystore password would likely be
changei
-
This post is deleted! -
I trust you got things sorted Jimmy? Welcome to message via chat as well if you have any concerns
Fox
-
Hi Jimmy
The process is as follows:
- Create a keystore.jks to hold your keys
- Import the certificate into the keystore.
- Move the keystore onto your cloud server.
- edit the env.properties folder to point to your keystore.
If any passwords were used on either the key or the certificate then add them to the env.properties file
-
This post is deleted! -
@craigweb Thanks. Let me try that, will let you know how it goes.
-
Hi all; the SSL is now working on my cloud. I thought I would share the procedure and challenges encountered.
Step 0.
Buy a genuine SSL certificate
Step 1.
Generate a CSR to request a certificate from a recognised CA
Step 2
Generate a file.jks; on my case I used keystore explore to create a keystore.jks and load all my certificate in it.
Setp 3
I then imported it into my mango /opt/mango/overrides/properties
Challenges:
After all these steps, when I edited my env file to activate the SSL, my web page couldn’t be access. The issue was on my env file, I didn’t uncommented the ssl.key.password. I followed the instruction for using certbot which was not the right one for my case. The right is on support under configurationinstallation- ssl.on=true
- ssl.port=443
- ssl.keystore.location=[YOUR FULL MANGO PATH HERE]/overrides/keystore.jks
- ssl.keystore.password=[leave empty if you didn’t use a password]
- ssl.key.password=[leave empty if you didn’t use a password] (Note that this need to be uncommented as it is initially commented out)
Then I restarted mango, and that’s it