Newbe Dev Stack

Answer : Okay, I noticed that this post is viewed quite often recently and so it seems that a lot of people are facing the same issue that I did. If so then this might help you. I have followed a simple step-by-step tutorial to create a SSL-certification for my webserver. Like so many tutorials out there the outcome of the tutorial I followed was a self-signed certificate using OpenSSL. Yep self-signed , that was the problem. The browser could not trust the server due to it's certificate which is signed by itself. Well I wouldn't do either... A certificate has to be signed by an external trustworthy certificate authority (CA). So I stumbled upon Let's Encrypt which does all the work for you and is even easier to set up and the best is: it is absolutely free. Installation 1) Delete your old ssl cert files which you have created by using OpenSSL 2) Open backports to get certbot client on Debian. You should know that this will open a hole for unfinished software!...

Answer : If you're trying to do stuff with the Java default system keystore ( cacerts ), then the default password is changeit . You can list keys without needing the password (even if it prompts you) so don't take that as an indication that it is blank. (Incidentally who in the history of Java ever has changed the default keystore password? They should have left it blank.) Add -storepass to keytool arguments. keytool -storepasswd -storepass '' -keystore mykeystore.jks But also notice that -list command does not always require a password. I could execute follow command in both cases: without password or with valid password $JAVA_HOME/bin/keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

Answer : The input to the des command shouldn't be in base64. Instead, you need to first decode the base64 output and then provide it to the OpenSSL des command. For instance, when I run the following on Linux: echo U2FsdGVkX18ztmw81FTK/c+jAf8xtcZdIpesuV2PLDM= | openssl enc -base64 -d | openssl des -d I get the correct output: hello world Since Windows is not great with pipes, you have to redirect the output to intermediate files and then run individual openssl commands. Openssl can base64 decode and decrypt in the same step with the -a or -base64 switch. But there is a bug in openssl's base64 processing, it expects a newline at the end of the base64 encoded data. The easiest solution is to base64 --decode before decrypting. For example, consider this base64 encrypted output: # echo foo | openssl enc -aes256 -md sha512 -pass pass:pass -e -base64 U2FsdGVkX182tdJx07S5YoPzi9XhyONdR8Xbc6V1jiw= If this is sent with a newline, it works fine. But if not, it...