https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118306#M32647 <P>I'm having trouble configuring the keystores properly due to the inconsitent documentation.&nbsp; I am completely new to ACS and tasked with installing it on Windows.</P><P>Documentation says:</P><P>1. For catalina.bat, configure the below; however when I look at the&nbsp;keystore-passwords.properties file, it says that is deprecated.&nbsp; Also, is the standard keystore type JCEKS or PCKS12?</P><P>&nbsp;<A href="https://docs.alfresco.com/content-services/latest/install/zip/tomcat/" target="_blank" rel="noopener nofollow noreferrer">Alfresco Docs - Install on Tomcat</A><BR />set “JAVA_TOOL_OPTIONS=-Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=&lt;TOMCAT_HOME&gt;/alf_data/keystore/metadata-keystore/keystore -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA -Dmetadata-keystore.metadata.algorithm=DESede”</P><P>2. When configuring the Tomcat server.xml file for the 8443 connector, it keeps throwing errors stating:</P><P>WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [clientAuth] to [true]<BR />[main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatekeystoreFile] to [D:\alfresco-content-services\alf_data\keystore\ssl.keystore]<BR />[main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatekeystorePass] to [password]<BR />WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatetruststoreFile] to [D:\alfresco-content-services\alf_data\keystore\ssl.truststore]<BR />WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatetruststorePass] to [password]<BR />WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificateTruststoreType] to [PKCS12]</P><P>This is my config for the connector:</P><P>&lt;Connector port="8443" protocol="HTTP/1.1"<BR />connectionTimeout="20000"<BR />maxHttpHeaderSize="32768"<BR />SSLEnabled="true" scheme="https" secure="true"<BR />clientAuth="true"&gt;<BR />&lt;SSLHostConfig sslProtocol="TLSv1.2"&gt;<BR />&lt;Certificate<BR />certificatekeystoreFile="D:\alfresco-content-services\alf_data\keystore\ssl.keystore"<BR />certificatekeystorePass="keypassword"<BR />certificateKeystoreType="JCEKS"<BR />certificatetruststoreFile="D:\alfresco-content-services\alf_data\keystore\ssl.truststore"<BR />certificatetruststorePass="trustpw"<BR />certificateTruststoreType="JCEKS"<BR />/&gt;<BR />&lt;/SSLHostConfig&gt;<BR />&lt;/Connector&gt;</P> Wed, 19 Jun 2024 17:15:29 GMT mparsons 2024-06-19T17:15:29Z https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118306#M32647 <P>I'm having trouble configuring the keystores properly due to the inconsitent documentation.&nbsp; I am completely new to ACS and tasked with installing it on Windows.</P><P>Documentation says:</P><P>1. For catalina.bat, configure the below; however when I look at the&nbsp;keystore-passwords.properties file, it says that is deprecated.&nbsp; Also, is the standard keystore type JCEKS or PCKS12?</P><P>&nbsp;<A href="https://docs.alfresco.com/content-services/latest/install/zip/tomcat/" target="_blank" rel="noopener nofollow noreferrer">Alfresco Docs - Install on Tomcat</A><BR />set “JAVA_TOOL_OPTIONS=-Dencryption.keystore.type=JCEKS -Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding -Dencryption.keyAlgorithm=DESede -Dencryption.keystore.location=&lt;TOMCAT_HOME&gt;/alf_data/keystore/metadata-keystore/keystore -Dmetadata-keystore.password=mp6yc0UD9e -Dmetadata-keystore.aliases=metadata -Dmetadata-keystore.metadata.password=oKIWzVdEdA -Dmetadata-keystore.metadata.algorithm=DESede”</P><P>2. When configuring the Tomcat server.xml file for the 8443 connector, it keeps throwing errors stating:</P><P>WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [clientAuth] to [true]<BR />[main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatekeystoreFile] to [D:\alfresco-content-services\alf_data\keystore\ssl.keystore]<BR />[main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatekeystorePass] to [password]<BR />WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatetruststoreFile] to [D:\alfresco-content-services\alf_data\keystore\ssl.truststore]<BR />WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificatetruststorePass] to [password]<BR />WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector/SSLHostConfig/Certificate] failed to set property [certificateTruststoreType] to [PKCS12]</P><P>This is my config for the connector:</P><P>&lt;Connector port="8443" protocol="HTTP/1.1"<BR />connectionTimeout="20000"<BR />maxHttpHeaderSize="32768"<BR />SSLEnabled="true" scheme="https" secure="true"<BR />clientAuth="true"&gt;<BR />&lt;SSLHostConfig sslProtocol="TLSv1.2"&gt;<BR />&lt;Certificate<BR />certificatekeystoreFile="D:\alfresco-content-services\alf_data\keystore\ssl.keystore"<BR />certificatekeystorePass="keypassword"<BR />certificateKeystoreType="JCEKS"<BR />certificatetruststoreFile="D:\alfresco-content-services\alf_data\keystore\ssl.truststore"<BR />certificatetruststorePass="trustpw"<BR />certificateTruststoreType="JCEKS"<BR />/&gt;<BR />&lt;/SSLHostConfig&gt;<BR />&lt;/Connector&gt;</P> Wed, 19 Jun 2024 17:15:29 GMT https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118306#M32647 mparsons 2024-06-19T17:15:29Z https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118307#M32648 <P>In addition to documentation, this may help you to understand the task:</P> <P><A href="https://hub.alfresco.com/t5/news-announcements/tech-talk-live-157-slides-and-recording/ba-p/321141/jump-to/first-unread-message" target="_blank" rel="nofollow noopener noreferrer">https://hub.alfresco.com/t5/news-announcements/tech-talk-live-157-slides-and-recording/ba-p/321141/jump-to/first-unread-message</A></P> <P><A href="https://github.com/aborroy/alfresco-mtls-debugging-kit" target="_blank" rel="nofollow noopener noreferrer">https://github.com/aborroy/alfresco-mtls-debugging-kit</A></P> Thu, 20 Jun 2024 06:18:04 GMT https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118307#M32648 angelborroy 2024-06-20T06:18:04Z https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118308#M32649 <P>Thanks I have watched the talk which provides some better detail.&nbsp; However, I noticed you are using Docker and step-ca in your demo; is the Alfresco-SSL-generator tool not supported?&nbsp; You also mention using the&nbsp;community.sh script to generate certificates, but that doesn't apppear to be available in the Windows folder.</P> Thu, 20 Jun 2024 15:06:14 GMT https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118308#M32649 mparsons 2024-06-20T15:06:14Z https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118309#M32650 <P>Also, can you let me know what file the configuration in catalina.bat should be configured for?&nbsp; Is it intended to point to the file "keystore" that is generated in the&nbsp;\ssl-tool-win\keystores\alfresco dir using the Alfresco SSL tool, or the ssl.keystore or ssl.truststore file?&nbsp; If it is the keystore file, is it in JCEKS format and what are the passwords?&nbsp; Alfresco fails to start with the error "Failed to create key: metadata in key store: Location: D:/alfresco-content-services/alf_data/keystore/keystore".</P><P>Documentation says to configure:</P><P><FONT size="1 2 3 4 5 6 7">set “JAVA_TOOL_OPTIONS=</FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dencryption.keystore.type=JCEKS </FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding </FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dencryption.keyAlgorithm=DESede </FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dencryption.keystore.location=&lt;TOMCAT_HOME&gt;/alf_data/keystore/metadata-keystore/<STRONG>keystore </STRONG></FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dmetadata-keystore.password=mp6yc0UD9e </FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dmetadata-keystore.aliases=metadata </FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dmetadata-keystore.metadata.password=oKIWzVdEdA </FONT></P><P><FONT size="1 2 3 4 5 6 7">-Dmetadata-keystore.metadata.algorithm=DESede”</FONT></P> Thu, 20 Jun 2024 18:27:51 GMT https://connect.hyland.com/t5/alfresco-forum/acs-23-2-1-enterprise-keystore-issues/m-p/118309#M32650 mparsons 2024-06-20T18:27:51Z