I have two copies of mec AS2 1.1 build 37 exchanging test data over HTTP, and it's working very well. Now I want to turn on SSL.
I've searched around, but the guide that everyone points to as the end answer seems to have disappeared. (I found it with archive.org, but it didn't quite help.)
Here are the steps I've done so far:
- 1) Opened jetty\etc\keystore with portecle (password 'test').
- 2) I saw "key1" is valid, and don't mind using self-signed certificates, so I left it alone.
- 3) Opened jetty-ssl.xml and copied the contents from <Call> to </Call>
- 4) Opened jetty.xml and pasted the above in.
- 5) Started AS2.exe, failed with error: Keystore was tampered with, or password was changed.
- 6) I couldn't figure out how to de-obfuscate the passwords so I just changed them to plain text.
    <Call name="addConnector">
      <Arg>
        <New class="org.mortbay.jetty.security.SslSocketConnector">
          <Set name="Port">8443</Set>
          <Set name="maxIdleTime">30000</Set>
          <Set name="keystore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="password">test</Set>
          <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
          <Set name="truststore"><SystemProperty name="jetty.home" default="." />/etc/keystore</Set>
          <Set name="trustPassword">test</Set>
        </New>
      </Arg>
    </Call>
- 7) Now I get an error "Unrecoverkey exception, Could not recover password"
So that's where I'm at; I can't be too far off. What is the difference between the various passwords in this section of the XML? What do I need to do to get this working?
I appreciate any help!
RBeck,
Please use the same password for the keystore and the key entry. Please don't use the key "key1" in a productive environment; it is a test key that everybody could extract from our packages. There must be only one key in the keystore - please replace the existing key "key1" with your own key. SSL will not work properly with more than one private key in the SSL keystore.
Regards
...same password for the keystore and the key entry.
Thanks service!
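
Added example, not part of the thread or of the product's own code: a Python check that decodes Jetty's reversible `OBF:` encoding and compares the keystore password (`password`) with the key-entry password (`keyPassword`) of a connector. The sample XML is constructed from the settings posted in the question, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the password settings as posted in the question.
CONNECTOR_XML = """
<New class="org.mortbay.jetty.security.SslSocketConnector">
  <Set name="Port">8443</Set>
  <Set name="password">test</Set>
  <Set name="keyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
  <Set name="trustPassword">test</Set>
</New>
"""

def deobfuscate(value):
    """Reverse Jetty's OBF: encoding; plain values pass through unchanged."""
    if not value.startswith("OBF:"):
        return value
    body = value[4:]
    if len(body) % 4:
        raise ValueError("OBF body must be a multiple of 4 characters")
    out = bytearray()
    for i in range(0, len(body), 4):
        # Each group is base-36 of (127 + b1 + b2) * 256 + (127 + b1 - b2),
        # where b1 is this byte and b2 its mirror byte, so hi + lo = 254 + 2*b1.
        hi, lo = divmod(int(body[i:i + 4], 36), 256)
        out.append(((hi + lo - 254) // 2) & 0xFF)
    return out.decode("utf-8", "replace")

def connector_passwords(xml_text):
    """Map each *Password setting of the connector to its effective value."""
    root = ET.fromstring(xml_text)
    return {s.get("name"): deobfuscate((s.text or "").strip())
            for s in root.iter("Set")
            if "assword" in s.get("name", "").lower()}

def check(xml_text):
    """Return findings about the keystore password vs. the key password."""
    root = ET.fromstring(xml_text)
    pw = connector_passwords(xml_text)
    findings = []
    if pw.get("password") != pw.get("keyPassword"):
        findings.append("keyPassword does not match the keystore password")
    for s in root.iter("Set"):
        if (s.text or "").strip().startswith("OBF:"):
            findings.append(s.get("name") + " is obfuscated, not encrypted")
    return findings

if __name__ == "__main__":
    for finding in check(CONNECTOR_XML):
        print(finding)
```

Because `OBF:` is an encoding without a key, the file permissions on the Jetty XML are what protect these passwords.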