Setting up SSL

tsmori · ‎07-31-2012

Trying to use our local CA to create the SSL certificates for hyperic, but it's not working. When I start up the server, it eventually starts throwing a bunch of exceptions, the primary one seems to be:

Error creating bean with name 'dbKeystoreManager'

I created a keystore with the default password, imported my CA and a certificate for HQ and used that for the install. Not sure why it didnt' work.

Also, not sure why I have to reinstall Hyperic in order to use my own certs, especially since the latest version seems to default to SSL. If it's going to be the default, then there should be a far, far easier way for me to add my own certs and trustedca.

tsmori · ‎07-31-2012

Tried it again and this time the hyperic server starts, but for whatever reason, it wipes out my keystore. It removes the certs I had installed.

If I'm using my own keystore, why does the Hyperic server need to write to it? And why does it remove my certificates? If I set the keystore to be owned by root and readonly, the server won't start.

keystore: original:

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 3 entries

ca, Jul 31, 2012, trustedCertEntry,

Certificate fingerprint (MD5): 59:7E:50:A6:FD:B7:34:EA:A2:73:D0:42:E2:A6:BB:12

<myhost+domain>, Jul 31, 2012, PrivateKeyEntry,

Certificate fingerprint (MD5): AD:99:F2:31:72:2D:13:2B:8B:3B:6D:4D:A6:CD:7E:C4

hq, Jul 31, 2012, trustedCertEntry,

Certificate fingerprint (MD5): C6:B7:AF:6E:FC:90:6E:D8:42:98:3D:8F:9E:FC:97:8C

keystore after starting up hyperic:

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 1 entry

<myhost+domain>, Jul 31, 2012, PrivateKeyEntry,

Certificate fingerprint (MD5): AD:99:F2:31:72:2D:13:2B:8B:3B:6D:4D:A6:CD:7E:C4

tsmori · ‎07-31-2012

Grumble... grumble..

Third time was the charm. Must not have had my certs linked correctly.

Still... wish there was a better way than to re-install.

All

Setting up SSL