So I got a little bit worried about this and just did some checks:
I created a key pair with:
keytool -genkey -keyalg RSA -alias localhost -keystore selfsigned.jks -validity 365 -keysize 2048
Every item was set to "localhost",
which gave me this:
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
localhost, Apr 4, 2023, PrivateKeyEntry,
Certificate fingerprint (SHA-256): EA:70:F7:79:CB:DF:7E:6D:13:BE:61:AB:E3:CF:10:E6:78:99:22:DF:29:64:9B:8B:AE:EF:E1:94:FE:3A:2E:5D
Then I started Metabase normally with the env vars:
- "MB_JETTY_SSL=true"
- "MB_JETTY_SSL_PORT=8443"
- "MB_JETTY_SSL_KEYSTORE=/app/selfsigned2.jks"
- "MB_JETTY_SSL_KEYSTORE_PASSWORD=storepass"
and everything worked. I just left the GitHub repo with the working demo here:
So in this case, is it possible that there's something weird between the cert and the hostname?
Also, can you try passing the following: JAVA_OPTS=-Djetty.ssl.sniHostCheck=false