I recently moved my docker based nexus server to a new host (NewHost). Since the move I have not been able to docker login to the new environment. The error I have received when attempting to log in is the following:
Error response from daemon: Get "https://NewHost:5000/v2/": tls: failed to verify certificate: x509: certificate is valid for OldHost, not NewHost
To be completely transparent I do not have deep cert/ssl knowledge so this has left me a little stumped as to how to proceed.
The following is the content of my compose file - and to reiterate the entire environment was lifted and moved to the new environment including the persisted volume.
I have scoured the configuration to find any reference to a cert for the OldHost, and I found the keystore.jks as the only reference to the OldHost. However, my attempts to manipulate that file have proven fruitless, as every time I change it nexus fails to start, indicating the keystore file has been tampered with.
Help - at wits' end here
The following log entry is what led me to the keystore.jks file as possibly being the problem:
2023-09-22 13:08:46,595+0000 INFO [jetty-main-1] *SYSTEM org.eclipse.jetty.util.ssl.SslContextFactory - x509=X509@18e29ef8(jetty,h=[OldHost],a=[/10.179.1.23],w=) for Server@1108db2[provider=null,keyStore=file:///nexus-data/etc/ssl/keystore.jks,trustStore=file:///nexus-data/etc/ssl/keystore.jks]
SSL certificates specify the domain (e.g. www.google.com) for which they are valid. It sounds like your system is hosted at new.host while your SSL certificate is for old.host. So you'd need to generate a new one, and possibly have it signed (by a cert authority, or your corporation's parent cert), then set up Nexus with it.
Thank you for the reply
I have acquired the new certificate for the new host
I have created a new keystore.jks file using the following command
keytool -v -importkeystore -srckeystore MyNewServerCert.pfx -srcstoretype PKCS12 -destkeystore keystore.jks -deststoretype JKS
I then replaced my existing keystore.jks file with the newly created keystore.jks
I also added the following entries in my nexus.properties file
I attempt to restart the container, but it fails with the following error message:
ERROR [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer - Failed to start
java.io.IOException: Keystore was tampered with, or password was incorrect
My assumption was that I could swap the keystore out and all would be fine, but somehow it appears to be holding on to something from the previous keystore file?
Thank you in advance for any assistance on this as I am a bit lost now
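Why a hand-edited keystore.jks and a freshly imported one can both fail with the same message, as an added example that is not part of the original thread or of Nexus itself: a JKS file ends with a SHA-1 digest keyed with the store password, so a changed byte and a password that differs from the one the server supplies are indistinguishable at load time. The empty keystore and both passwords below are constructed sample values.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"  # fixed string mixed into every JKS integrity hash


def _keyed_digest(password: str, body: bytes) -> bytes:
    # SHA-1 over: password as 2-byte big-endian chars, the fixed salt, the store body.
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + body).digest()


def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a version-2 JKS with zero entries, sealed with `password`."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)
    return body + _keyed_digest(password, body)


def check_jks(blob: bytes, password: str) -> str:
    """Return 'ok' or the reason the store would be rejected at load time."""
    if len(blob) < 32 or struct.unpack(">I", blob[:4])[0] != JKS_MAGIC:
        return "not a JKS file"
    body, stored = blob[:-20], blob[-20:]
    if _keyed_digest(password, body) != stored:
        # One comparison covers both cases, hence the combined wording of the error.
        return "Keystore was tampered with, or password was incorrect"
    return "ok"


if __name__ == "__main__":
    store = build_empty_jks("new-pfx-password")      # constructed password
    print(check_jks(store, "new-pfx-password"))      # password matches the store
    print(check_jks(store, "old-server-password"))   # loader given a different one
    edited = store[:11] + b"\x01" + store[12:]       # one byte of the body changed
    print(check_jks(edited, "new-pfx-password"))
```

The same check on a real file is `keytool -list -keystore keystore.jks`, which prompts for the store password and reports this error when it does not match.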