I've fallen in love with Spark recently. Being unexperienced with web development, I stumbled upon Spark when I was looking for a small framework for setting up a simple web application based on Java. My learning curve has been steep and my first website (consisting of nothing but a simple form) is running smoothly.
One issue I had to deal with was using my domain's SSL certificate (proudly sponsored by Let's Encrypt) for the integrated web server that comes with Spark. As you can read here, a keystore and a password need to be specified in order to achieve this.
Alright, nothing easier than coming up with a password, but how do I set
up a Java keystore (.JKS) that uses my certificate? A quick
Startpage search directed me to Maximilian
on JKS and Let's Encrypt certificates.
I could skip step 1 as I had created and installed my certificates already. For step 2, I needed to locate the directory in which my Plesk installation stored the
privkey.pem files. I found
I copied them to a temp directory to make things easier, and then ran the following command:
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out pkcs.p12 -name mydomain_letsencrypt
After typing in and remembering the password, the resulting
file could be used to create the JKS file as described in step 3:
keytool -importkeystore -deststorepass DEST_STORE_PASS -destkeypass KEY_PASS -destkeystore keystore.jks -srckeystore pkcs.p12 -srcstoretype PKCS12 -srcstorepass SRC_STORE_PASS -alias mydomain_letsencrypt
SRC_STORE_PASS is the password chosen in step 2. Make sure to
remember and distinguish those three passwords! Or use the same phrase
for all of them.
The result was saved as
keystore.pks. I changed my Spark code
String keyStoreLocation = "keystore.jks"; String keyStorePassword = "DEST_STORE_PASS"; secure(keyStoreLocation, keyStorePassword, null, null);
and put the file next my JAR. Done.
Update 2017-09-02: Here's a script that updates the keystore entry (e.g in case the existing SSL certificate has been invalided and a new one has been created).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
#!/bin/bash CERT_PATH=/opt/psa/var/modules/letsencrypt/etc/live/mydomain/ CERT_ALIAS=mydomain_letsencrypt PKCS_FILENAME=pkcs.p12 PKCS_PW='my_pkcs_pw' KEYSTORE_FILENAME=keystore.jks KEYSTORE_PW='my_keystore_pw' # generate PKCS12 file openssl pkcs12 -export -in $CERT_PATH/fullchain.pem -inkey $CERT_PATH/privkey.pem -out $PKCS_FILENAME -name $CERT_ALIAS -passout pass:$PKCS_PW # delete existing entry in Java keystore keytool -delete -keystore $KEYSTORE_FILENAME -alias $CERT_ALIAS -storepass $KEYSTORE_PW # add new Java keystore entry from PKCS12 file keytool -importkeystore -deststorepass $KEYSTORE_PW -destkeypass $KEYSTORE_PW -destkeystore $KEYSTORE_FILENAME -srckeystore $PKCS_FILENAME -srcstoretype PKCS12 -srcstorepass $PKCS_PW -alias $CERT_ALIAS rm $PKCS_FILENAME