
Gitblit certificate import


I have chosen gitblit for my git web gui since they offer a self-contained version that is supposed to run out of the box. Very well, it did. Now everyone attempting to connect to the server via https gets a certificate error and remote cli operations also require a custom flag to not validate the cert.

Since I am also running other web apps which will some day use ssl once they are fully developed, I created a free certificate on https://www.startssl.com/. Now I got 4 files: a private key, a root certificate, an intermediate certificate and my very own certificate for the domain.

I did follow the tutorial at Point.Up.it

> openssl rsa -in your.private.key -out unencrypted.key
> openssl pkcs12 -inkey unencrypted.key -in yourhostcertificate.crt -export -out yourkeystore.p12
> keytool -importkeystore -srckeystore yourkeystore.p12 -srcstoretype pkcs12 -destkeystore serverKeyStore.jks

I was then replacing the generated keystore with the one in gitblit_root/data/. I was using the default password gitblit for the keystore; this is also the setting value in gitblit.properties.

But gitblit launch fails with the following log lines:

[WARN ] FAILED org.eclipse.jetty.server.Server@5324f3fe: java.io.IOException: Keystore was tampered with, or password was incorrect
[WARN ] FAILED GitblitSslContextFactory@191a9961(/opt/gitblit/data/serverKeyStore.jks,/opt/gitblit/data/serverTrustStore.jks): java.io.IOException: Keystore was tampered with, or password was incorrect

My server details:

OS: Debian
java version "1.7.0_75"
OpenJDK Runtime Environment (IcedTea 2.5.4) (7u75-2.5.4-1~deb7u1)
OpenJDK 64-Bit Server VM (build 24.75-b04, mixed mode)

I'd be super grateful for anyone able to guide me in the right direction.


Solution

  • Okay so I figured it out now...

    I destroyed my keystore upon attempting to import the certificate, this was the main problem that caused the crash.

    First, I had to return to the default setup of certificates. I deleted both, data/serverKeyStore.jks and data/serverTrustStore, and launched gitblit again. The certificate creation failed...

    I downloaded the gitblit for Windows and ran authority.cmd to copy over the fresh files mentioned above to my Debian system and voilà: gitblit started again with the default localhost certificate.

    Now to import my certificate, I created a new pkcs keystore containing my private key and certificate. Then, I ran:

    keytool -importkeystore -srckeystore yourkeystore.p12 -srcstoretype pkcs12 -destkeystore serverKeyStore.jks
    

    to import the keystore into the gitblit store. keytool -list listed both certificates along with their aliases.

    Finally, I defined my certificate alias in data/gitblit.properties and the server ran.
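
What the "Keystore was tampered with, or password was incorrect" message in the question checks, as an added Python example (not code from the posts above or from Gitblit): a JKS file ends with a SHA-1 digest computed over the store password and the file contents, so a wrong password and a modified file fail the same way. The names `check_jks` and `build_sample` are hypothetical, the sample store is constructed with placeholder certificate bytes, and a version 2 JKS layout with plain UTF-8 aliases is assumed.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
SALT = b"Mighty Aphrodite"  # fixed string the JKS format mixes into its integrity hash

def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over UTF-16BE password + fixed salt + store body (JKS integrity check)."""
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()

def check_jks(data: bytes, password: str):
    """Return (password_ok, aliases) for a JKS keystore held in memory."""
    body, stored = data[:-20], data[-20:]  # the last 20 bytes are the stored digest
    magic, version, count = struct.unpack(">III", body[:12])
    if magic != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    pos, aliases = 12, []

    def read_block(length_fmt):
        # Read one length-prefixed field and advance the cursor past it.
        nonlocal pos
        size = struct.calcsize(length_fmt)
        (n,) = struct.unpack(length_fmt, body[pos:pos + size])
        pos += size + n
        return body[pos - n:pos]

    for _ in range(count):
        (tag,) = struct.unpack(">I", body[pos:pos + 4])
        pos += 4
        aliases.append(read_block(">H").decode("utf-8"))
        pos += 8  # creation timestamp
        if tag == 1:  # private key entry: key blob, then certificate chain
            read_block(">I")
            (chain_len,) = struct.unpack(">I", body[pos:pos + 4])
            pos += 4
        else:  # tag 2: single trusted certificate
            chain_len = 1
        for _ in range(chain_len):
            read_block(">H")  # certificate type, e.g. "X.509"
            read_block(">I")  # encoded certificate
    return jks_digest(password, body) == stored, aliases

def build_sample(password: str) -> bytes:
    """Constructed store: one trusted-cert entry with placeholder bytes, not a real cert."""
    alias = b"mydomain"
    body = struct.pack(">III", JKS_MAGIC, 2, 1)
    body += struct.pack(">IH", 2, len(alias)) + alias + struct.pack(">Q", 0)
    body += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", 4) + b"\x00" * 4
    return body + jks_digest(password, body)
```

Running `check_jks` on the bytes of data/serverKeyStore.jks with the password from gitblit.properties shows, before a restart, whether the store will open and which aliases it holds.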