Architecture > Encryption

SSL

This page is a tutorial for troubleshooting the following SSL-related issues, such as No available authentication scheme, Unsupported or unrecognized SSL message, or SSL Protocol Error.

These issues are generally not caused by 3forge but are generic error messages indicating that there was a problem in how the certificate was generated.

Here is our recommended procedure for the generation:

1. Download the root keystore for your environment (Should not matter if using jks or pem):

   keytool -importkeystore -srckeystore cacerts.jks -destkeystore web.keystore
   

   Or

   keytool -import -file cacert.pem -keystore web.keystore
   

2. Generate Certificate Signing Request (CSR) - Modifies keystore.

   Generate the certificate:

   keytool -genkeypair -keystore web.keystore -alias server -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=...,OU=...,O=C=..."
   

   Then generate a request through your Certificate Authority (CA):

   keytool -certreq -alias server -file server.csr -keystore web.keystore
   

   Note

   keypass and storepass should match web.keystore.password, source password is the cacerts password.

3. Import the certificate into the keystore:

   keytool -import -v -trustcacerts -alias root -keystore web.keystore -file cert.cer -keypass [pass] -storepass [pass]
   

4. In our experience, the following command didn't work and was the cause of the above SSL-related errors:

   keytool -importcert -keystore web.keystore -alias server -file cert.cer