gitblit-org
Multiple SSL certificates
Latest v. 1.10.0 doesn't support multiple SSL server certificates. Adding new one through authority.cmd causes crash after gitblit service restart. The only option to edit serverKeyStore.jks using Java keytool to remove offending SSL. It would be nice to have an option in Gitblit Certificate Authority GUI to remove or override the old SSL certificate.
I did not fully understand what actions lead to the crash. Could you provide detailed steps to reproduce the issue?
Launch authority.cmd, click red icon on top "new server SSL certificate", enter new hostname keeping marked checkbox "serve https with this certificate", click button ok. The dialog will show up to restart gitblit service (or gitblit.cmd). Then crash happens followed by jetty library exception to unable running multiple SSL certificates. The exception detail will be written in gitblit-stderr.....log, on bottom. Problem is 2 SSL certificates located in serverKeyStore.jks. The only way, to use keytool to remove localhost SSL certificate and restart gitblit service.
Hello, Windows user here. i have upgraded from 1.9.3. to 1.10.0 yesterday. checked multiple times with keytool bundled with java also with KeyStore Explorer, i only see one certificate, i still have same error:
java.lang.IllegalStateException: KeyStores with multiple certificates are not supported on the base class org.eclipse.jetty.util.ssl.SslContextFactory. (Use org.eclipse.jetty.util.ssl.SslContextFactory$Server or org.eclipse.jetty.util.ssl.SslContextFactory$Client instead)
Reverting to 1.9.3 solves this issue.
FYI i created keystore using openssl: openssl pkcs12 -export -inkey your_private.key -in your_certificate.crt -certfile ca_bundle.crt -name gitblit -out gitblit.p12 and converted to jks via keytool: keytool -importkeystore -destkeystore serverKeyStore.jks -srckeystore gitblit.p12 -srcstoretype PKCS12 -alias gitblit
