tsmori
Enthusiast
Enthusiast

Setting up SSL

Trying to use our local CA to create the SSL certificates for hyperic, but it's not working. When I start up the server, it eventually starts throwing a bunch of  exceptions, the primary one seems to be:

Error creating bean with name 'dbKeystoreManager'

I created a keystore with the default password, imported my CA and a certificate for HQ and used that for the install. Not sure why it didnt' work.

Also, not sure why I have to reinstall Hyperic in order to use my own certs, especially since the latest version seems to default to SSL. If it's going to be the default, then there should be a far, far easier way for me to add my own certs and trustedca.

0 Kudos
2 Replies
tsmori
Enthusiast
Enthusiast

Tried it again and this time the hyperic server starts, but for whatever reason, it wipes out my keystore. It removes the certs I had installed.

If I'm using my own keystore, why does the Hyperic server need to write to it? And why does it remove my certificates? If I set the keystore to be owned by root and readonly, the server won't start.

keystore: original:

Keystore type: JKS

Keystore provider: SUN
Your keystore contains 3 entries
ca, Jul 31, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 59:7E:50:A6:FD:B7:34:EA:A2:73:D0:42:E2:A6:BB:12
<myhost+domain>, Jul 31, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): AD:99:F2:31:72:2D:13:2B:8B:3B:6D:4D:A6:CD:7E:C4
hq, Jul 31, 2012, trustedCertEntry,
Certificate fingerprint (MD5): C6:B7:AF:6E:FC:90:6E:D8:42:98:3D:8F:9E:FC:97:8C

keystore after starting up hyperic:

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 1 entry

<myhost+domain>, Jul 31, 2012, PrivateKeyEntry,

Certificate fingerprint (MD5): AD:99:F2:31:72:2D:13:2B:8B:3B:6D:4D:A6:CD:7E:C4

0 Kudos
tsmori
Enthusiast
Enthusiast

Grumble... grumble..

Third time was the charm. Must not have had my certs linked correctly.

Still... wish there was a better way than to re-install.

0 Kudos