
I am trying to secure my private docker registry using SSL encryption. According to this, I need to copy a .crt and .key to a /certs directory and it will work.

What I have now is a .csr, .keystore and .cer and a root ca, intermediate certificate.

I used Java Keytool to generate the .csr and keystore, and the CA gave me the .cer, root CA and intermediate certificate.

Now, according to the link mentioned above, I specifically need a .crt and a .key.

What I did:

  1. I imported the root certificate (root CA), the intermediate certificate and the received signed certificate (.cer) into the keystore

    keytool -import -trustcacerts -alias rootca -file Primary.pem -keystore hostname.keystore

    keytool -import -trustcacerts -alias intermediate -file Secondary.pem -keystore hostname.keystore

    keytool -import -trustcacerts -alias hostname -file cert.cer -keystore hostname.keystore

    where Primary.pem and Secondary.pem are the root and intermediate certificates respectively, cert.cer is the received signed certificate and hostname.keystore is the keystore used.

  2. Then I tried to generate the .key and .crt from hostname.keystore by first converting it into PKCS12 as described here, but after the first step I got the following error

    Problem importing entry for alias rootca: java.security.KeyStoreException: TrustedCertEntry not supported

    See below for command and error:

    keytool -importkeystore -srckeystore hostname.keystore -destkeystore hostname.p12 -deststoretype PKCS12

    Enter destination keystore password: Enter source keystore password:

    Problem importing entry for alias rootca: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias rootca not imported. Do you want to quit the import process? [no]: no

    Problem importing entry for alias intermediate: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias intermediate not imported. Do you want to quit the import process? [no]: no

    Existing entry alias domain exists, overwrite? [no]: yes Entry for alias domain successfully imported.

    Problem importing entry for alias hostname: java.security.KeyStoreException: TrustedCertEntry not supported. Entry for alias hostname not imported. Do you want to quit the import process? [no]: no

    Import command completed: 1 entries successfully imported, 3 entries failed or cancelled

  3. How to solve this issue and secure the registry? Is it related to Java version?

Platform: RHEL 4.1

Java Version: 1.7.0_75

saurg
  • 113
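The import log above shows one entry, alias `domain`, reaching the PKCS12 file; that is the private-key entry a registry `.key` would come from. The following is an added example, not part of the original post: it pulls the private key out of a PKCS12 file with OpenSSL and checks that it pairs with a certificate before both are placed in `/certs`. The sample key, certificate, password and the `registry.example` name are constructed, and the sample certificate stands in for the CA-issued `cert.cer`.

```shell
#!/bin/sh
# Added example. All inputs below are constructed samples, not the poster's files.

# Build a throwaway PKCS12 holding one private-key entry under alias "domain".
# It stands in for a file produced by keytool -importkeystore with
# -srcalias domain, which copies only the private-key entry.
make_sample_p12() {  # $1 = work dir, $2 = PKCS12 password
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=registry.example" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -name domain -inkey "$1/src.key" \
        -in "$1/src.crt" -passout "pass:$2" -out "$1/hostname.p12"
}

# Write the private key from a PKCS12 file as unencrypted PEM.
# The second openssl call drops the "Bag Attributes" text that pkcs12 emits.
extract_key() {  # $1 = p12 file, $2 = password, $3 = output key file
    (
        umask 077   # the key file must not be group or world readable
        openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
            | openssl pkey -out "$3" 2>/dev/null
    )
}

# Succeed only when the key and the certificate carry the same public key.
# A registry started with a mismatched pair fails its TLS setup.
key_matches_cert() {  # $1 = PEM key, $2 = PEM certificate
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage with the constructed sample:
#   d=$(mktemp -d); make_sample_p12 "$d" changeit
#   extract_key "$d/hostname.p12" changeit "$d/domain.key"
#   key_matches_cert "$d/domain.key" "$d/src.crt" && echo "pair is consistent"
```
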
