ssl: add a note about PKCS#12 password

For some reason, the key is protected inside the keystore by the password from the PKCS#12 file. We should be able to chnage it with `-destkeypass` but it said that we should have aliases and when we use `-alias`, it complains about conflicts. Just tell the user to ensure the PKCS#12 have the same password.
2015-12-20 21:38:42 +01:00 · 2015-12-20 21:38:42 +01:00 · 40af05341a
parent 99a05eb563
commit 40af05341a
1 changed files with 4 additions and 1 deletions
--- a/certificates/generate
+++ b/certificates/generate
@ -36,7 +36,10 @@ certtool --generate-certificate \

 # Put the certificate and key for client into certificate store
 # (protected by "changeit" password). keytool is not able to import a
-# key. It's a great tool. Use PKCS12.
+# key. It's a great tool. Use PKCS12. Also, the P12 should be
+# protected by the same password as the keystore. How to specify a
+# password to protect the key inside the keystore during import is
+# still a mystery to me (keytool complains about aliases).
 rm -f client.p12 store.bks
 certtool --load-certificate client-cert.pem \
         --load-privkey client-key.pem \