Hello,
I’m trying to apply my SSL certificate to Sonatype Nexus Repo Manager 3.
I’m using the following commands to generate the keystore:
keytool -genkey -alias myalias -keyalg RSA -keystore /opt/sonatype/nexus/sonatype-work/nexus3/etc/ssl/keystore.p12 -storetype pkcs12 -validity 3650 -dname "CN=*.mydomain.us, OU=IT, O=MyOrg, L=My City, S=State, C=US"
It prompts me to give it a password and I enter one. I then go to import my certs using:
keytool -keystore /opt/sonatype/nexus/sonatype-work/nexus3/etc/ssl/keystore.p12 -alias mycert_alias -import -file /path/to/my/cert/certificate_full_chain.pem
I then add the following lines to:
/opt/sonatype/nexus/current/etc/nexus.properties
nexus-args=${jetty.etc}/jetty.xml,${jetty.etc}/jetty-http.xml,${jetty.etc}/jetty-https.xml,${jetty.etc}/jetty-requestlog.xml
application-port-ssl=8443
ssl.etc=${karaf.data}/etc/ssl
I then go to edit /opt/sonatype/nexus/current/etc/jetty/jetty-https.xml
I add this line per the documentation:
<Set name="certAlias">jetty</Set>
and configure the properties below it:
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="certAlias">mycert_alias</Set>
<Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.p12</Set>
<Set name="KeyStorePassword">password</Set>
<Set name="KeyManagerPassword">password</Set>
<Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.p12</Set>
<Set name="TrustStorePassword">password</Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.ssl.wantClientAuth" default="false"/></Set>
<Set name="IncludeProtocols">
<Array type="java.lang.String">
<Item>TLSv1.2</Item>
</Array>
</Set>
</New>
After this I start Nexus using systemd and I never see it launch on port 8443.
Earlier yesterday, if I put application-port-ssl=8443 into nexus-default.properties and restarted the application, it seemed to work, but it didn’t like the SSL certificate.
What am I doing wrong?
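An added example, not part of the original post and not Sonatype's own tooling, showing the check a practitioner would run before touching jetty-https.xml. `keytool -genkey` creates a fresh key pair under one alias; importing a CA-issued chain under a different alias stores it as a trustedCertEntry, which carries no private key, and Jetty can only serve from the alias named in `certAlias` if that alias is a PrivateKeyEntry. The script below parses `keytool -list -v` output to tell the two apart (the sample listing is constructed to mirror the two commands in the question; the dates and fingerprints are not real), and also shows how to build the PKCS12 so the existing private key and its full chain share a single alias. Assumed names: `server.key`, `certificate_full_chain.pem`, `mycert_alias`, `keystore.p12`, and a `KEYSTORE_PASS` environment variable so the password never appears on the command line.

```shell
#!/bin/sh
# Added example (not from the original post or from Sonatype): build a PKCS12
# keystore for Jetty/Nexus from an existing private key plus its full chain,
# and verify that the alias used as certAlias is a PrivateKeyEntry.
# Assumed inputs: server.key, certificate_full_chain.pem, alias mycert_alias,
# output keystore.p12; the store password comes from $KEYSTORE_PASS.

# Print the "Entry type:" of one alias from `keytool -list -v` output.
# $1 = listing text, $2 = alias. Prints nothing if the alias is absent.
entry_type_for_alias() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^Alias name: */ { sub(/^Alias name: */, ""); alias = $0 }
    /^Entry type: */ && alias == want { sub(/^Entry type: */, ""); print; exit }
  '
}

# Succeed (exit 0) only when the alias carries a private key, which is what
# Jetty needs behind <Set name="certAlias">.
alias_has_private_key() {
  [ "$(entry_type_for_alias "$1" "$2")" = "PrivateKeyEntry" ]
}

# Build the keystore so the private key and its chain share one alias
# (-name becomes the keytool alias). $1 = key PEM, $2 = full chain PEM,
# $3 = alias, $4 = output .p12. Password read from the environment, not argv.
build_keystore() {
  openssl pkcs12 -export -inkey "$1" -in "$2" -name "$3" -out "$4" \
    -passout env:KEYSTORE_PASS
}

# Dump the keystore; -storepass:env keeps the password out of `ps` output.
list_keystore() {
  keytool -list -v -keystore "$1" -storetype PKCS12 -storepass:env KEYSTORE_PASS
}

# Once Nexus is listening, confirm which certificate it actually serves.
# $1 = host:port (e.g. localhost:8443), $2 = SNI name.
show_served_cert() {
  openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null |
    openssl x509 -noout -subject -issuer
}

# Constructed sample of `keytool -list -v` after the two commands in the
# question: the generated key under one alias, the imported chain under
# another. Not real output; dates and fingerprints are placeholders.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: myalias
Creation date: Jan 1, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=*.mydomain.us, OU=IT, O=MyOrg, L=My City, ST=State, C=US
Issuer: CN=*.mydomain.us, OU=IT, O=MyOrg, L=My City, ST=State, C=US

Alias name: mycert_alias
Creation date: Jan 1, 2020
Entry type: trustedCertEntry

Owner: CN=*.mydomain.us, OU=IT, O=MyOrg, L=My City, ST=State, C=US
Issuer: CN=Example Issuing CA, O=Example CA'

# Report, for each alias given in $2, whether Jetty could serve from it.
report() {
  for a in $2; do
    if alias_has_private_key "$1" "$a"; then
      printf '%s: PrivateKeyEntry (usable as certAlias)\n' "$a"
    else
      printf '%s: %s (no private key; Jetty cannot serve from it)\n' \
        "$a" "$(entry_type_for_alias "$1" "$a")"
    fi
  done
}

main() {
  if [ "$#" -eq 0 ]; then
    # No arguments: run the check against the constructed sample only.
    report "$SAMPLE_LISTING" "myalias mycert_alias"
    return 0
  fi
  # Real run: KEYSTORE_PASS=... ./check.sh server.key certificate_full_chain.pem mycert_alias keystore.p12
  build_keystore "$1" "$2" "$3" "$4"
  listing=$(list_keystore "$4")
  alias_has_private_key "$listing" "$3" || {
    echo "alias $3 has no private key; Jetty cannot use it as certAlias" >&2
    return 1
  }
  report "$listing" "$3"
}

main "$@"
```

Run without arguments to see the check on the sample listing; run with the four file/alias arguments (and `KEYSTORE_PASS` exported) to build and verify a real keystore. If the key was generated with `keytool -genkey` instead, the CA chain has to be imported back under that same alias (here `myalias`) after a `-certreq`, otherwise the result is exactly the trustedCertEntry the sample shows.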