I'm trying to create a non-dev node with a proper certificate. Here are my certificate creation commands using Java keytool:
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c
keytool -keystore root.jks -storepass password -alias root -exportcert -rfc > root.pem
keytool -importkeystore -srckeystore root.jks -destkeystore truststore.jks -srcstorepass password -deststorepass password -srcalias root -destalias cordarootca
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore intermediate.jks -dname "keytool -genkeypair -keyalg RSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c" -storepass password -keypass password -alias intermediate -ext bc:c
keytool -keystore intermediate.jks -storepass password -alias intermediate -certreq | keytool -keystore root.jks -storepass password -alias root -gencert -ext bc:c -rfc > intermediate.pem
type root.pem intermediate.pem > intermediatecachain.pem
keytool -keystore intermediate.jks -storepass password -alias intermediate -importcert -file intermediatecachain.pem -noprompt
keytool -keystore intermediate.jks -storepass password -alias intermediate -exportcert -rfc > intermediate.pem
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore nodekeystore.jks -dname "keytool -genkeypair -keyalg RSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c" -alias cordaclientca -storepass password -keypass password -ext bc:c
keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:c -rfc > cordaclientca.pem
type intermediate.pem cordaclientca.pem > cordaclientcachain.pem
keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -importcert -file cordaclientcachain.pem -noprompt
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore sslkeystore.jks -dname "keytool -genkeypair -keyalg RSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c" -alias cordaclientttls -storepass password -keypass password
keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:0 -rfc > cordaclienttls.pem
type intermediate.pem cordaclienttls.pem > cordaclienttlschain.pem
keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -importcert -file cordaclienttlschain.pem -noprompt
When it's done, I receive the error:
[main] internal.Node.run - Exception during node startup
java.lang.IllegalArgumentException: No certificate chain under the alias cordaclienttls
    at net.corda.nodeapi.internal.crypto.X509KeyStore.getCertificateChain(X509KeyStore.kt:52) ~[corda-node-api-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.validateKeystore(AbstractNode.kt:824) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.initCertificate(AbstractNode.kt:240) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:282) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.Node.start(Node.kt:387) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.EnterpriseNode.start(EnterpriseNode.kt:181) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:270) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:160) [corda-node-3.1.jar:?]
    at net.corda.node.Corda.main(Corda.kt:25) [corda-node-3.1.jar:?]
Next, I used the following code:
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore root.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias root -ext bc:c
keytool -keystore root.jks -storepass password -alias root -exportcert -rfc > root.pem
keytool -importkeystore -srckeystore root.jks -destkeystore truststore.jks -srcstorepass password -deststorepass password -srcalias root -destalias cordarootca
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore intermediate.jks -dname "O=Bank A,L=London,C=GB" -storepass password -keypass password -alias intermediate -ext bc:c
keytool -keystore intermediate.jks -storepass password -alias intermediate -certreq | keytool -keystore root.jks -storepass password -alias root -gencert -ext bc:c -rfc > intermediate.pem
type root.pem intermediate.pem > intermediatecachain.pem
keytool -keystore intermediate.jks -storepass password -alias intermediate -importcert -file intermediatecachain.pem -noprompt
keytool -keystore intermediate.jks -storepass password -alias intermediate -exportcert -rfc > intermediate.pem
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore nodekeystore.jks -dname "O=Bank A,L=London,C=GB" -alias cordaclientca -storepass password -keypass password -ext bc:c
keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:c -rfc > cordaclientca.pem
type intermediate.pem cordaclientca.pem > cordaclientcachain.pem
keytool -keystore nodekeystore.jks -storepass password -alias cordaclientca -importcert -file cordaclientcachain.pem -noprompt
keytool -genkeypair -keyalg EC -keysize 256 -sigalg SHA256withECDSA -keystore sslkeystore.jks -dname "O=Bank A,L=London,C=GB" -alias cordaclienttls -storepass password -keypass password
keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -certreq | keytool -keystore intermediate.jks -storepass password -alias intermediate -gencert -ext bc:0 -rfc > cordaclienttls.pem
type intermediate.pem cordaclienttls.pem > cordaclienttlschain.pem
keytool -keystore sslkeystore.jks -storepass password -alias cordaclienttls -importcert -file cordaclienttlschain.pem -noprompt
And I get this error:
[main] internal.Node.run - Exception during node startup
java.lang.IllegalArgumentException: TLS certificate must chain to the trusted root.
    at net.corda.node.internal.AbstractNode.validateKeystore(AbstractNode.kt:828) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.initCertificate(AbstractNode.kt:240) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.AbstractNode.start(AbstractNode.kt:282) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.Node.start(Node.kt:387) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.EnterpriseNode.start(EnterpriseNode.kt:181) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.startNode(NodeStartup.kt:270) ~[corda-node-3.1.jar:?]
    at net.corda.node.internal.NodeStartup.run(NodeStartup.kt:160) [corda-node-3.1.jar:?]
    at net.corda.node.Corda.main(Corda.kt:25) [corda-node-3.1.jar:?]
Can anyone tell me how to fix this problem?
Thank you.
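
A diagnostic for the two startup errors quoted above, added here as an example (it is not part of the original post and not Corda's own code). It lists the chain stored under each alias and checks that every link is signed by the next one and that the last certificate equals the cordarootca entry in truststore.jks. File names, aliases and the store password are taken from the commands in the post; the class name ChainCheck and the assumption that the node compares the end of the chain with the truststore root (as the second error message suggests) are mine.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public class ChainCheck {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    // True only if the alias holds a chain, each certificate is signed by the
    // next one in the chain, and the last certificate equals the trusted root.
    static boolean chainsToRoot(KeyStore ks, String alias, Certificate root) throws Exception {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            System.out.println(alias + ": no certificate chain under this alias");
            return false;
        }
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            System.out.printf("  [%d] subject=%s | issuer=%s%n", i,
                    c.getSubjectX500Principal(), c.getIssuerX500Principal());
            if (i + 1 == chain.length) break;          // last entry has no successor to check
            try {
                c.verify(chain[i + 1].getPublicKey()); // signature check, not just a name match
            } catch (GeneralSecurityException e) {
                System.out.println(alias + ": entry " + i + " is not signed by entry " + (i + 1));
                return false;
            }
        }
        boolean ok = chain[chain.length - 1].equals(root);
        System.out.println(alias + (ok ? ": ends at the trusted root" : ": last certificate is not the trusted root"));
        return ok;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "password".toCharArray();        // store password used in the post
        // getCertificate returns the entry's own certificate for key and trusted-cert entries alike
        Certificate root = load("truststore.jks", pass).getCertificate("cordarootca");
        boolean tls = chainsToRoot(load("sslkeystore.jks", pass), "cordaclienttls", root);
        boolean ca = chainsToRoot(load("nodekeystore.jks", pass), "cordaclientca", root);
        System.exit(tls && ca ? 0 : 1);
    }
}
```

Run it from the directory holding the three keystores; a chain that prints fewer entries than expected, or whose last entry is not the root, points at the PEM file that was passed to -importcert for that alias.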