I’m using Let’s Encrypt to automate certification for an Ignition service we are running, but the service expects certifications stored this way to include a keystore alias and password. I’m able to add the password within Certify’s configuration but I haven’t seen anything regarding the alias. From what I can tell the alias is skipped over outright. The error logs from our service report,
java.lang.Exception: Expected exactly one valid alias in the SSL KeyStore but got 0
So what’s going on? Am I looking in the wrong places? Is there some way for me to add an alias via keytool?
Hi, our generated PFX has a generated FriendlyName but that’s not quite the same as a java keystore alias, you could convert the source file into your own keystore. From googling I think the command might be along the lines of:
Thanks for the reply. That definitely helps me gain some traction but I’m still unable to provide an alias to the keystore. The sample command you gave yields the following error,
keytool error: java.lang.Exception: if alias not specified, destalias and srckeypass must not be specified
Any chance that the “generated FriendlyName” can be used as a reference?
I worked out a solution using OpenSSL via PowerShell. (OpenSSL was already installed on my machine, not sure if that’s common.)
I’m still using Certify to manage the credentials, but rather than using the .pfx as provided I use the Deployment Tasks to specifically export the Private Key and the Full Certificate Chain (Excluding Key). These can be bundled together to make a “proper” keystore using OpenSSL in a PowerShell task.