Metabase includes SSL variables for setting:
MB_JETTY_SSL_PORT
MB_JETTY_SSL_KEYSTORE
MB_JETTY_SSL_KEYSTORE_PASSWORD
But as far as I can tell there is no way to set Jetty’s KeystoreType. Is Metabase simply limiting keystore types to JKS? I have an existing PKCS12 I’d like to use and maintain.
Hi @catsdale
Seems like Metabase just uses the Jetty default, which is JKS, since it’s not defined.
https://github.com/metabase/metabase/blob/950d8fb88388d65bd17620355ee4e95428189daa/src/metabase/server.clj#L14-L21
You would have to convert PKCS12 to KeyStore format:
Use let's encrypt with Metabase (Java Webserver)
Thanks. I decided to just create a new store and keys for development purposes. I’ll probably do the same for production. But now I’m getting invalid password even thought keytool -list validates my keystore password. I’m giving it a few hours more and will just use a proxy if I can’t figure it out.
Edit: Okay it’s working now. The original issue is still happening (can’t set keystore type), but the password error was happening because I had set the keystore password in quotes- as in:
SET MB_JETTY_SSL_KEYSTORE_PASSWORD=“my_pwd123”
when it needs to be:(no quotes around password)
SET MB_JETTY_SSL_KEYSTORE_PASSWORD=my_pwd123