Cryptographic Error: Trusted Certificate Entries are Not Password-protected Keytool

Problem When replacing the certificates on a vCloud Director 9.5 installation, I ran the configure command and the following error occurred. cryptographic error: trusted certificate entries are not password-protected keytool   Troubleshooting Upon investigation of the keystore file it appeared that the keytool -storetype JCEKS -list -v -keystore certs.ks <snip> Alias name: http Creation date: 29 Read More…

How Does SSL Work?

  Below is a very simple overview of how SSL works in an asymmetric browser to web server scenario.      1. The client browser (eg Internet Explorer, Google Chrome, Safari etc) requests a secure HTTPS page by typing in  https://www.domainname.com .   2. The web server responds by sending SSL certificate and public key.   Read More…

DPI-SSL and SSL v3.0 on Sonicwall

Scenario. I have a bespoke webserver behind a Sonicwall NSA 4500 (in HA mode) running DPI-SSL. I upgraded the webserver. This all went to plan but I couldn't access the server either via the VPN or externally.   We performed some packet traces and noticed that SSL v3.0 seemed to be initiated when connecting via the VPN or externally but Read More…

Create a PKCS#12 (.p12) file using OpenSSL

Scenario: I wanted to create PKCS12 file to import into a Sonicwall Firewall (FW 5.9.0.4) You'll need.  – Certificate from CA (my.crt) – Private key (my.key) – CA Bundle (myCA.crt) – The password for the private key From a UNIX based server pop all of the required files into a specific directory.  # openssl pkcs12 Read More…