ssl: add a note about PKCS#12 password

For some reason, the key is protected inside the keystore by the
password from the PKCS#12 file. We should be able to chnage it with
`-destkeypass` but it said that we should have aliases and when we use
`-alias`, it complains about conflicts.

Just tell the user to ensure the PKCS#12 have the same password.
This commit is contained in:
Vincent Bernat 2015-12-20 21:38:42 +01:00
parent 99a05eb563
commit 40af05341a

View File

@ -36,7 +36,10 @@ certtool --generate-certificate \
# Put the certificate and key for client into certificate store
# (protected by "changeit" password). keytool is not able to import a
# key. It's a great tool. Use PKCS12.
# key. It's a great tool. Use PKCS12. Also, the P12 should be
# protected by the same password as the keystore. How to specify a
# password to protect the key inside the keystore during import is
# still a mystery to me (keytool complains about aliases).
rm -f client.p12 store.bks
certtool --load-certificate client-cert.pem \
--load-privkey client-key.pem \