
no cipher suites in common on Liberty Websphere


I'm trying to set up SSL on my Websphere-Liberty server with a self-signed CA, but I keep getting an SSLHandshakeException. I'm no SSL expert, so probably I'm just forgetting something.

Here are some details about my setup:

product = WebSphere Application Server 8.5.5.0 (wlp-1.0.3.20130510-0831)
java.version = 1.7.0_51
os = Windows 8 (6.2; amd64) (en_US)

I managed to deploy the worklight application center war, and this is accessible via the browser. When I try to access the application center via https, I get the following exception:

[9/1/14 19:07:11:799 EEST] 00000021 com.ibm.ws.channel.ssl.internal.SSLHandshakeErrorTracker     E CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: no cipher suites in common

I have the following configuration in my server.xml

<feature>ssl-1.0</feature>
<keyStore id="defaultKeyStore" password="trasys" />

Once I add the keystore property, Websphere generates a keystore file (key.jks) with a default certificate. I removed the certificate with the java keytool utility and added my own self-signed CA certificate. This certificate was generated in cygwin using the following openssl command (as indicated in the following stackoverflow ticket: Is a signed SSL certificate required for Worklight development?):

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

To add the certificate to the empty keystore I used the following command:

keytool -import -trustcacerts -alias mydomain -file certificate.crt -keystore keystore.jks

So this is basically what I tried so far. Does anyone know what I'm missing?


Solution

  • You only import the public certificate, not the private key, using your procedure. You need the private key in your keystore.
    You can use the following solutions:
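
A check for the condition the answer describes, plus one common way to import the key and certificate together, as an added example that is not part of the original answer. File names and the alias come from the question; the password argument and the sample `keytool -list` output are constructed.

```bash
#!/bin/sh
# Added example (not from the original answer). File names and alias follow
# the question; the password argument is a placeholder.

# Read `keytool -list` output on stdin; print "alias<TAB>entry type" per entry.
list_entries() {
    awk 'match($0, /PrivateKeyEntry|trustedCertEntry|SecretKeyEntry/) {
        alias = $0; sub(/,.*/, "", alias)
        print alias "\t" substr($0, RSTART, RLENGTH) }'
}

# Succeed only if some entry holds a private key. A server keystore with only
# trustedCertEntry items gives JSSE no key to back any cipher suite.
has_private_key() {
    list_entries | awk -F'\t' '$2 == "PrivateKeyEntry" { f = 1 } END { exit !f }'
}

# Bundle key + certificate as PKCS12, then import the bundle (not the bare
# certificate) into the JKS keystore. Not run here: needs openssl and keytool.
rebuild_keystore() {
    pass=$1
    openssl pkcs12 -export -in certificate.crt -inkey privateKey.key \
        -name mydomain -out keystore.p12 -passout "pass:$pass" &&
    keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \
        -srcstorepass "$pass" -destkeystore keystore.jks -deststoretype JKS \
        -deststorepass "$pass"
}

# Constructed samples of `keytool -list -keystore keystore.jks` output.
CERT_ONLY='Keystore type: JKS
Your keystore contains 1 entry

mydomain, Sep 1, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed placeholder)'
WITH_KEY='Keystore type: JKS
Your keystore contains 1 entry

mydomain, Sep 1, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed placeholder)'

for sample in "$CERT_ONLY" "$WITH_KEY"; do
    if printf '%s\n' "$sample" | has_private_key; then
        echo "ok: keystore holds a private key"
    else
        echo "problem: certificates only, expect 'no cipher suites in common'"
    fi
done
```

Against a real keystore, pipe `keytool -list -keystore keystore.jks` into `has_private_key`; the entry type shown for the alias is what distinguishes the two cases.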