    SSL certificate settings when hosted on Windows

    • S
      Scot
      last edited by

      With FusionAuth running on Windows, how should I format/escape the file path location of the fusionauth-app.https.certificate-file setting?
      I know sometimes \ might need to be swapped to / but none of the settings below worked.

      fusionauth-app.https.enabled=true
      fusionauth-app.https-port=9013
      fusionauth-app.https.port=9013
      #fusionauth-app.https.certificate-file=%FUSIONAUTH_HOME%\config\host.test.example.com-chain.pem
      #fusionauth-app.https.private-key-file=%FUSIONAUTH_HOME%\config\host.test.example.com-key.pem
      fusionauth-app.https.certificate-#file=C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-chain.pem
      #fusionauth-app.https.private-key-file=C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-key.pem
      #fusionauth-app.https.certificate-file=c:\temp\host.test.example.com-chain.pem
      #fusionauth-app.https.private-key-file=c:\temp\host.test.example.com-key.pem
      #fusionauth-app.https.certificate-file=c:/temp/host.test.example.com-chain.pem
      #fusionauth-app.https.private-key-file=c:/temp/host.test.example.com-key.pem
      #fusionauth-app.https.certificate-file=c:\\temp\\host.test.example.com-chain.pem
      #fusionauth-app.https.private-key-file=c:\\temp\\host.test.example.com-key.pem
      #fusionauth-app.https.certificate-file=host.test.example.com-chain.pem
      #fusionauth-app.https.private-key-file=host.test.example.com-key.pem
      fusionauth-app.https.certificate=
      fusionauth-app.https.private-key=
      fusionauth-app.https.certificate=-----BEGIN CERTIFICATE-----\n\
      MIIGDjCCBPagAwIBAgISAyxvjsihSN6W0rNUAY1fXcVGMA0GCSqGSIb3DQEBCwUA\n\
      SDwmmTT0xfzFAQ41DxqWUgqB\n\
      -----END CERTIFICATE-----\n\
      -----BEGIN CERTIFICATE-----\n\
      MIIFBjCCAu6gAwIBAgIRAIp9PhPWLzDvI4a9KQdrNPgwDQYJKoZIhvcNAQELBQAw\n\
      uYkQ4omYCTX5ohy+knMjdOmdH9c7SpqEWBDC86fiNex+O0XOMEZSa8DA\n\
      -----END CERTIFICATE-----\n
      fusionauth-app.https.private-key=-----BEGIN RSA PRIVATE KEY-----\n\
      MIIJJwIBAAKCAgEAhnEEn0OjBiXfQhfKTqWMRvrjUjidT/K6Av+/+B7DC62Yut+Q\n\
      xsTJpAAfoblgR/f91kEHLs2kb9wZBqmscvIGxae6FP7B1mRZnTKZUglNHA==\n\
      -----END RSA PRIVATE KEY-----\n
      

      The : \ characters in c:\ in particular cause an illegal character error.

      ===================================================================================================
      
        Unable to start the server. Here's why: 
      
      
      [java.nio.file.InvalidPathException: Illegal char <> at index 23: C:ProgramDataFusionAuthusionauthconfighost.test.example.com-chain.pem] 
      	-> [class java.nio.file.InvalidPathException] Illegal char <> at index 23: C:ProgramDataFusionAuthusionauthconfighost.test.example.com-chain.pem
      
      ===================================================================================================
      
      
      2025-01-07 02:00:29.596 PM ERROR org.primeframework.mvc.guice.GuiceBootstrap - Unable to start the server. Exception: 
      
      com.google.inject.CreationException: Unable to create injector, see the following errors:
      
      1) [Guice/ErrorInjectingConstructor]: InvalidPathException: Illegal char <> at index 23: C:ProgramDataFusionAuthusionauthconfighost.test.example.com-chain.pem
        at DefaultFusionAuthConfiguration.<init>(DefaultFusionAuthConfiguration.java:89)
        at DefaultFusionAuthConfiguration.class(DefaultFusionAuthConfiguration.java:26)
        while locating DefaultFusionAuthConfiguration
        at FusionAuthInitialMaintenanceModeModule.configure(FusionAuthInitialMaintenanceModeModule.java:24)
        while locating InversoftConfiguration
      
      Learn more:
        https://github.com/google/guice/wiki/ERROR_INJECTING_CONSTRUCTOR
      
      2) [Guice/ErrorInjectingConstructor]: InvalidPathException: Illegal char <> at index 23: C:ProgramDataFusionAuthusionauthconfighost.test.example.com-chain.pem
        at DefaultFusionAuthConfiguration.<init>(DefaultFusionAuthConfiguration.java:89)
        at DefaultFusionAuthConfiguration.class(DefaultFusionAuthConfiguration.java:26)
        while locating DefaultFusionAuthConfiguration
        at FusionAuthInitialMaintenanceModeModule.configure(FusionAuthInitialMaintenanceModeModule.java:25)
        while locating FusionAuthConfiguration
      
      Learn more:
        https://github.com/google/guice/wiki/ERROR_INJECTING_CONSTRUCTOR
      
      2 errors
      
      • S
        Scot @mark.robustelli
        last edited by

        I needed to convert my private key from PKCS1 to PKCS8

        To convert from PKCS#1 to PKCS#8:
        openssl pkcs8 -topk8 -inform pem -in private_pkcs1.pem -outform pem -nocrypt -out private_pkcs8.pem

        PKCS#1 PEM-encoded private key by the markers used to delimit the base64 encoded data:
        -----BEGIN RSA PRIVATE KEY-----
        -----END RSA PRIVATE KEY-----

        Afterwards the PKCS#8 looks different like:
        -----BEGIN PRIVATE KEY-----
        -----END PRIVATE KEY-----

        from https://www.upsync.dev/2022/02/22/loading-a-rsa-private-key

        • mark.robustelliM
          mark.robustelli @Scot
          last edited by

          @Scot I can't say for 100% but could you try quotes?
          fusionauth-app.https.certificate-file="C:\temp\host.test.example.com-chain.pem"

          • S
            Scot @mark.robustelli
            last edited by

            With double quotes I received a similar error

            fusionauth-app.https.certificate-file="C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-chain.pem"
            fusionauth-app.https.private-key-file="C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-key.pem"

            2025-01-08 10:22:57.749 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
            2025-01-08 10:22:57.776 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
            2025-01-08 10:22:57.781 AM ERROR org.primeframework.mvc.guice.GuiceBootstrap - 
            
            ===================================================================================================
            
              Unable to start the server. Here's why: 
            
            
            [java.nio.file.InvalidPathException: Illegal char <"> at index 0: "C:ProgramDataFusionAuthusionauthconfighost.test.example.com-chain.pem"] 
            	-> [class java.nio.file.InvalidPathException] Illegal char <"> at index 0: "C:ProgramDataFusionAuthusionauthconfighost.test.example.com-chain.pem"
            
            ===================================================================================================
            
            
            2025-01-08 10:22:57.781 AM ERROR org.primeframework.mvc.guice.GuiceBootstrap - Unable to start the server. Exception: 
            
            com.google.inject.CreationException: Unable to create injector, see the following errors:
            
            1) [Guice/ErrorInjectingConstructor]: InvalidPathException: Illegal char <"> at index 0: "C:ProgramDataFusionAuthusionauthconfighost.test.example.com-chain.pem"
              at DefaultFusionAuthConfiguration.<init>(DefaultFusionAuthConfiguration.java:89)
              at DefaultFusionAuthConfiguration.class(DefaultFusionAuthConfiguration.java:26)
              while locating DefaultFusionAuthConfiguration
              at FusionAuthInitialMaintenanceModeModule.configure(FusionAuthInitialMaintenanceModeModule.java:24)
              while locating InversoftConfiguration
            
            • S
              Scot @mark.robustelli
              last edited by

              The "illegal character" in the log looks different depending upon which text editor is used. As far as I can tell there is no Unicode or hidden character at these locations.
              Capture.PNG

              Capture2.PNG

                • mark.robustelliM
                  mark.robustelli @Scot
                  last edited by mark.robustelli

                  @Scot After digging in a bit, I was able to successfully run the startup script with:
                  fusionauth-app.https.private-key-file=C:\\ProgramData\\FusionAuth\\fusionauth\\config\\host.test.example.com-key.pem

                  If I try to run with:
                  fusionauth-app.https.private-key-file=C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-key.pem

                  I get the following error:
                  ConvertFrom-StringData : parsing "C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-key.pem" - Unrecognized escape sequence \P.

                  I think the double backslashes work. After looking at your first post again, it looks like you are trying to use fusionauth-app.https.certificate. According to our docs, "Note, this property will take precedence over fusionauth-app.https.certificate-file if both values are set", and we don't need both.

                  For the purpose of troubleshooting, let's only use one. Let's start with the file. Clear out the values for the .certificate and .private-key and only populate the certificate-file and private-key-file. To be safe, let's remove all the commented ones out as well. Your config should look something like:

                  fusionauth-app.https.enabled=false
                  fusionauth-app.https.port=9013
                  fusionauth-app.https.certificate-file=C:\\temp\\host.test.example.com-key.pem
                  fusionauth-app.https.private-key-file=C:\\ProgramData\\FusionAuth\\fusionauth\\config\\host.test.example.com-key.pem
                  fusionauth-app.https.certificate=
                  fusionauth-app.https.private-key=
                  

                  My instance spins up with that type of configuration. Let's see if yours does as well. Let me know how it goes.

                  • S
                    Scot @mark.robustelli
                    last edited by

                    With fusionauth-app.https.enabled=false I can access the website without SSL at http://host.test.example.com:9011/
                    Using these settings below (https.enabled=true) I can't access the website at https://host.test.example.com:9013/ or http://host.test.example.com:9011/ and I don't see anything that looks like an error in the log.

                    fusionauth-app.https.enabled=true
                    fusionauth-app.https-port=9013
                    fusionauth-app.https.port=9013
                    fusionauth-app.https.certificate-file=c:\\temp\\host.test.example.com-chain.pem
                    fusionauth-app.https.private-key-file=c:\\temp\\host.test.example.com-key.pem
                    #fusionauth-app.https.certificate=
                    #fusionauth-app.https.private-key=
                    

                    Log

                    2025-01-08 10:58:15.214 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                    2025-01-10 10:18:37.832 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                    2025-01-10 10:18:37.860 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                    2025-01-10 10:18:37.862 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                      - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                      - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                      - Overriding default value of property [search.type] with value [database]
                    
                    2025-01-10 10:18:37.904 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                    2025-01-10 10:18:37.906 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                    2025-01-10 10:18:37.906 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                      - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                      - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                      - Overriding default value of property [search.type] with value [database]
                    
                    2025-01-10 10:18:38.356 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                    2025-01-10 10:18:38.357 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                    2025-01-10 10:18:38.358 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                      - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                      - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                      - Overriding default value of property [search.type] with value [database]
                    
                    2025-01-10 10:18:38.506 AM INFO  com.inversoft.maintenance.MaintenanceModePoller - Poller started to Wait for configuration to be completed.
                    2025-01-10 10:18:38.508 AM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                    2025-01-10 10:18:38.951 AM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [NwC8zg] Database Version [1.53.3]
                    2025-01-10 10:18:38.960 AM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [NwC8zg] Latest Migration Version [1.53.0]
                    2025-01-10 10:18:38.967 AM INFO  io.fusionauth.app.guice.FusionAuthModule - 
                    
                    ---------------------------------------------------------------------------------------------------------
                    --------------------------------- Starting FusionAuth version [1.53.3] ----------------------------------
                    ---------------------------------------------------------------------------------------------------------
                    
                    2025-01-10 10:18:39.300 AM INFO  io.fusionauth.api.plugin.guice.PluginModule - No plugins found
                    2025-01-10 10:18:39.503 AM INFO  io.fusionauth.api.service.system.NodeService - Node [1fd84161-bb33-4925-ac0d-e7682600a73c] started.
                    2025-01-10 10:18:40.211 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                    2025-01-10 10:18:40.213 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                    2025-01-10 10:18:40.213 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                      - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                      - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                      - Overriding default value of property [search.type] with value [database]
                    
                    2025-01-10 10:18:40.215 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                    2025-01-10 10:18:40.229 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Starting...
                    2025-01-10 10:18:40.341 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Start completed.
                    2025-01-10 10:18:41.470 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                    2025-01-10 10:18:41.471 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Starting...
                    2025-01-10 10:18:41.543 AM INFO  com.zaxxer.hikari.pool.HikariPool - Database-primary - Added connection org.postgresql.jdbc.PgConnection@7d7ceca8
                    2025-01-10 10:18:41.544 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Start completed.
                    2025-01-10 10:18:42.162 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                    2025-01-10 10:18:42.163 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Starting...
                    2025-01-10 10:18:42.251 AM INFO  com.zaxxer.hikari.pool.HikariPool - Database-secondary - Added connection org.postgresql.jdbc.PgConnection@733f1395
                    2025-01-10 10:18:42.251 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Start completed.
                    2025-01-10 10:18:43.010 AM INFO  com.inversoft.scheduler.DefaultScheduler - Starting up scheduler
                    2025-01-10 10:18:43.011 AM INFO  com.inversoft.scheduler.DefaultScheduler - Scheduler is running
                    2025-01-10 10:18:43.175 AM INFO  io.fusionauth.api.service.system.NodeService - Node [1fd84161-bb33-4925-ac0d-e7682600a73c] with address [http://10.0.1.101:9011] removed because it has not checked in for the last [448] seconds. Bye node.
                    2025-01-10 10:18:43.188 AM INFO  io.fusionauth.api.service.system.NodeService - Node [1fd84161-bb33-4925-ac0d-e7682600a73c] added with address [http://10.0.1.101:9011]
                    2025-01-10 10:18:43.454 AM INFO  io.fusionauth.api.service.system.NodeService - Node [1fd84161-bb33-4925-ac0d-e7682600a73c] promoted to master at [2025-01-10T15:18:43.454476100Z], the previous master Node [216a8c2f-e65b-4f72-b8d1-c8386dc81a8f] had not checked in since [2025-01-10T15:09:42.929Z]
                    2025-01-10 10:18:43.470 AM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                    2025-01-10 10:18:43.719 AM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                    2025-01-10 10:18:44.232 AM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                    
                    • mark.robustelliM
                      mark.robustelli @Scot
                      last edited by mark.robustelli

                      @Scot said in SSL certificate settings when hosted on Windows:

                      i can't access the website at

                      What message do you get from the browser? When you go to http://10.0.1.101:9011 are you able to see the application?

                      I noticed you have:

                      fusionauth-app.https-port=9013
                      fusionauth-app.https.port=9013
                      

                      listed twice. Let me know the message you are getting in the browser and get the duplicate cleared up and we will try to go from there.

                      Just to be clear, the double backslashes work when we cleaned up the config file, right? You are at least able to get the server running.

                      • S
                        Scot
                        last edited by

                        #fusionauth-app.https.enabled=TRUE

                        • The configuration property [fusionauth-app.https.enabled] of [TRUE] is not valid. It must be either [true] or [false].
                        mark.robustelliM 1 Reply Last reply Reply Quote 0
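The pitfalls the thread has hit up to this point (single backslashes consumed by the properties parser, a quoted path, `TRUE` instead of `true`, an inline certificate taking precedence over the file setting, and a PKCS#1 key header) can be checked before starting the server. The following is an added example, not part of any post and not FusionAuth code; it assumes the file is read with `java.util.Properties` escape rules, which matches the `Illegal char <> at index 23` error in the first post, and the function names and the sample config are constructed for illustration.

```python
import re

PREFIX = "fusionauth-app.https."
CONTROL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

# Constructed sample: settings tried in the thread, merged into one file.
SAMPLE = r"""
fusionauth-app.https.enabled=TRUE
fusionauth-app.https.port=9013
fusionauth-app.https.certificate-file=C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-chain.pem
fusionauth-app.https.private-key-file="c:\\temp\\host.test.example.com-key.pem"
fusionauth-app.https.private-key=-----BEGIN RSA PRIVATE KEY-----\n\
(constructed placeholder, no key material)\n\
-----END RSA PRIVATE KEY-----\n
"""


def unescape_value(raw):
    """Decode a value using the escape rules of java.util.Properties.load."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        i += 1
        if ch != "\\" or i == len(raw):
            out.append(ch)
            continue
        nxt = raw[i]
        i += 1
        if nxt == "u":
            digits = raw[i:i + 4]
            if not re.fullmatch(r"[0-9A-Fa-f]{4}", digits):
                # e.g. a path containing \users is rejected outright
                raise ValueError("Malformed \\uxxxx encoding")
            out.append(chr(int(digits, 16)))
            i += 4
        else:
            # \t \n \r \f become control characters; for any other escaped
            # character the backslash is dropped and the character kept.
            out.append(CONTROL.get(nxt, nxt))
    return "".join(out)


def logical_lines(text):
    """Yield key/value lines with trailing-backslash continuations joined."""
    buf, continuing = "", False
    for line in text.splitlines():
        body = line.lstrip()
        if not continuing and (not body or body[0] in "#!"):
            continue  # blank line or comment
        odd = (len(body) - len(body.rstrip("\\"))) % 2 == 1
        buf += body[:-1] if odd else body
        continuing = odd
        if not odd:
            yield buf
            buf = ""
    if buf:
        yield buf


def parse(text):
    """Return {key: raw value}; escapes in the value are still encoded."""
    raw = {}
    for line in logical_lines(text):
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line, re.S)
        if m:
            raw[m.group(1)] = m.group(2)
    return raw


def lint(text):
    """Return (property, code, detail) findings for the HTTPS settings."""
    raw, findings = parse(text), []
    for key, rawval in raw.items():
        if not key.startswith(PREFIX):
            continue
        name = key[len(PREFIX):]
        try:
            val = unescape_value(rawval)
        except ValueError as exc:
            findings.append((name, "escape", str(exc)))
            continue
        if name.endswith("-file"):
            if val.startswith(('"', "'")):
                findings.append((name, "quoted", "quote becomes part of the path"))
            # A path survives parsing only if re-escaping it gives the raw text.
            if val.replace("\\", "\\\\") != rawval:
                bad = next((i for i, c in enumerate(val) if ord(c) < 32), None)
                where = ("no control char" if bad is None
                         else f"U+{ord(val[bad]):04X} at index {bad}")
                findings.append((name, "escape", f"parsed as {val!r} ({where})"))
        elif name == "enabled" and val not in ("true", "false"):
            findings.append((name, "boolean", f"[{val}] must be [true] or [false]"))
        elif name == "private-key" and "BEGIN RSA PRIVATE KEY" in val:
            findings.append((name, "pkcs1", "PKCS#1 header; thread fix was PKCS#8"))
    if raw.get(PREFIX + "certificate") and raw.get(PREFIX + "certificate-file"):
        findings.append(("certificate", "precedence", "overrides certificate-file"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the sample, the single-backslash path is reported with a form feed (U+000C) at index 23, because `\f` in `\fusionauth` is read as an escape while `\P`, `\F`, `\c` and `\h` simply lose their backslash.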
                        • mark.robustelliM
                          mark.robustelli @Scot
                          last edited by

                          @Scot Does that mean you got it working?

                          • S
                            Scot @mark.robustelli
                            last edited by

                            @mark-robustelli

                            HTTPS enabled true

                            httpS.TruePNG.PNG

                            fusionauth-app.https.enabled=true
                            fusionauth-app.https.port=9013
                            fusionauth-app.https.certificate-file=c:\\temp\\host.test.example.com-chain.pem
                            fusionauth-app.https.private-key-file=c:\\temp\\host.test.example.com-key.pem
                            fusionauth-app.https.certificate=
                            fusionauth-app.https.private-key=
                            

                            Log

                            2025-01-10 02:56:20.093 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                            2025-01-10 02:56:20.124 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                            2025-01-10 02:56:20.126 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                              - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                              - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                              - Overriding default value of property [search.type] with value [database]
                            
                            2025-01-10 02:56:20.168 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                            2025-01-10 02:56:20.169 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                            2025-01-10 02:56:20.170 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                              - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                              - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                              - Overriding default value of property [search.type] with value [database]
                            
                            2025-01-10 02:56:20.584 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                            2025-01-10 02:56:20.585 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                            2025-01-10 02:56:20.585 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                              - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                              - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                              - Overriding default value of property [search.type] with value [database]
                            
                            2025-01-10 02:56:20.758 PM INFO  com.inversoft.maintenance.MaintenanceModePoller - Poller started to Wait for configuration to be completed.
                            2025-01-10 02:56:20.760 PM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                            2025-01-10 02:56:21.226 PM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [yXlWpw] Database Version [1.53.3]
                            2025-01-10 02:56:21.236 PM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [yXlWpw] Latest Migration Version [1.53.0]
                            2025-01-10 02:56:21.245 PM INFO  io.fusionauth.app.guice.FusionAuthModule - 
                            
                            ---------------------------------------------------------------------------------------------------------
                            --------------------------------- Starting FusionAuth version [1.53.3] ----------------------------------
                            ---------------------------------------------------------------------------------------------------------
                            
                            2025-01-10 02:56:21.547 PM INFO  io.fusionauth.api.plugin.guice.PluginModule - No plugins found
                            2025-01-10 02:56:21.710 PM INFO  io.fusionauth.api.service.system.NodeService - Node [3f35032b-179b-467e-90dc-acc16bb13b80] started.
                            2025-01-10 02:56:22.375 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                            2025-01-10 02:56:22.376 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                            2025-01-10 02:56:22.377 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                              - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                              - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                              - Overriding default value of property [search.type] with value [database]
                            
                            2025-01-10 02:56:22.378 PM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                            2025-01-10 02:56:22.391 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Starting...
                            2025-01-10 02:56:22.491 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Start completed.
                            2025-01-10 02:56:23.423 PM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                            2025-01-10 02:56:23.424 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Starting...
                            2025-01-10 02:56:23.493 PM INFO  com.zaxxer.hikari.pool.HikariPool - Database-primary - Added connection org.postgresql.jdbc.PgConnection@625487a6
                            2025-01-10 02:56:23.494 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Start completed.
                            2025-01-10 02:56:23.996 PM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                            2025-01-10 02:56:23.996 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Starting...
                            2025-01-10 02:56:24.173 PM INFO  com.zaxxer.hikari.pool.HikariPool - Database-secondary - Added connection org.postgresql.jdbc.PgConnection@6c8f4bc7
                            2025-01-10 02:56:24.174 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Start completed.
                            2025-01-10 02:56:24.957 PM INFO  com.inversoft.scheduler.DefaultScheduler - Starting up scheduler
                            2025-01-10 02:56:24.958 PM INFO  com.inversoft.scheduler.DefaultScheduler - Scheduler is running
                            2025-01-10 02:56:25.104 PM INFO  io.fusionauth.api.service.system.NodeService - Node [3f35032b-179b-467e-90dc-acc16bb13b80] with address [http://10.0.1.101:9011] removed because it has not checked in for the last [1467] seconds. Bye node.
                            2025-01-10 02:56:25.113 PM INFO  io.fusionauth.api.service.system.NodeService - Node [3f35032b-179b-467e-90dc-acc16bb13b80] added with address [http://10.0.1.101:9011]
                            2025-01-10 02:56:25.343 PM INFO  io.fusionauth.api.service.system.NodeService - Node [3f35032b-179b-467e-90dc-acc16bb13b80] promoted to master at [2025-01-10T19:56:25.343769700Z], the previous master Node [991e0670-8fc3-4062-b39a-cf6cbb7ebdae] had not checked in since [2025-01-10T19:31:48.166Z]
                            2025-01-10 02:56:25.357 PM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                            2025-01-10 02:56:25.570 PM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                            2025-01-10 02:56:26.017 PM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                            
                            • S
                              Scot
                              last edited by

                              As a control the FusionAuth website does work with https disabled, but I'm needing to enable https SSL with a certificate.

                              http_only.PNG

                              fusionauth-app.https.enabled=false
                              fusionauth-app.https.port=9013
                              fusionauth-app.https.certificate-file=c:\\temp\\host.test.example.com-chain.pem
                              fusionauth-app.https.private-key-file=c:\\temp\\host.test.example.com-key.pem
                              fusionauth-app.https.certificate=
                              fusionauth-app.https.private-key=
                              
                              2025-01-10 03:07:02.462 PM INFO  io.fusionauth.api.service.system.NodeService - Node [7216cbf4-eca1-4e63-9cc2-94a1e42fe0fb] promoted to master at [2025-01-10T20:07:02.462971400Z], the previous master Node [3f35032b-179b-467e-90dc-acc16bb13b80] had not checked in since [2025-01-10T19:59:20.025Z]
                              2025-01-10 03:07:24.691 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                              2025-01-10 03:07:24.715 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                              2025-01-10 03:07:24.717 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                                - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                                - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                                - Overriding default value of property [search.type] with value [database]
                              
                              2025-01-10 03:07:24.759 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                              2025-01-10 03:07:24.761 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                              2025-01-10 03:07:24.762 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                                - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                                - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                                - Overriding default value of property [search.type] with value [database]
                              
                              2025-01-10 03:07:25.165 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                              2025-01-10 03:07:25.166 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                              2025-01-10 03:07:25.167 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                                - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                                - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                                - Overriding default value of property [search.type] with value [database]
                              
                              2025-01-10 03:07:25.329 PM INFO  com.inversoft.maintenance.MaintenanceModePoller - Poller started to Wait for configuration to be completed.
                              2025-01-10 03:07:25.330 PM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                              2025-01-10 03:07:25.779 PM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [kZQLpw] Database Version [1.53.3]
                              2025-01-10 03:07:25.789 PM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [kZQLpw] Latest Migration Version [1.53.0]
                              2025-01-10 03:07:25.796 PM INFO  io.fusionauth.app.guice.FusionAuthModule - 
                              
                              ---------------------------------------------------------------------------------------------------------
                              --------------------------------- Starting FusionAuth version [1.53.3] ----------------------------------
                              ---------------------------------------------------------------------------------------------------------
                              
                              2025-01-10 03:07:26.092 PM INFO  io.fusionauth.api.plugin.guice.PluginModule - No plugins found
                              2025-01-10 03:07:26.245 PM INFO  io.fusionauth.api.service.system.NodeService - Node [bf1c5349-de31-4f27-a17b-d998d9348c7c] started.
                              2025-01-10 03:07:26.866 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\ProgramData\FusionAuth\fusionauth\config\fusionauth.properties]
                              2025-01-10 03:07:26.867 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.0.1.101:9011]
                              2025-01-10 03:07:26.868 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                                - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                                - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                                - Overriding default value of property [search.type] with value [database]
                              
                              2025-01-10 03:07:26.869 PM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                              2025-01-10 03:07:26.881 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Starting...
                              2025-01-10 03:07:27.087 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Start completed.
                              2025-01-10 03:07:27.988 PM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                              2025-01-10 03:07:27.989 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Starting...
                              2025-01-10 03:07:28.063 PM INFO  com.zaxxer.hikari.pool.HikariPool - Database-primary - Added connection org.postgresql.jdbc.PgConnection@5d2a86c0
                              2025-01-10 03:07:28.064 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Start completed.
                              2025-01-10 03:07:28.542 PM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                              2025-01-10 03:07:28.544 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Starting...
                              2025-01-10 03:07:28.615 PM INFO  com.zaxxer.hikari.pool.HikariPool - Database-secondary - Added connection org.postgresql.jdbc.PgConnection@1132baa3
                              2025-01-10 03:07:28.615 PM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Start completed.
                              2025-01-10 03:07:29.361 PM INFO  com.inversoft.scheduler.DefaultScheduler - Starting up scheduler
                              2025-01-10 03:07:29.362 PM INFO  com.inversoft.scheduler.DefaultScheduler - Scheduler is running
                              2025-01-10 03:07:29.500 PM INFO  io.fusionauth.api.service.system.NodeService - Node [bf1c5349-de31-4f27-a17b-d998d9348c7c] added with address [http://10.0.1.101:9011]
                              2025-01-10 03:07:29.775 PM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                              2025-01-10 03:07:30.043 PM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                              2025-01-10 03:07:30.140 PM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                              2025-01-10 03:07:30.327 PM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
                              2025-01-10 03:07:30.328 PM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
                              2025-01-10 03:07:30.329 PM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
                              2025-01-10 03:07:30.333 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9011]
                              2025-01-10 03:07:30.334 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                              2025-01-10 03:07:30.334 PM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
                              2025-01-10 03:07:30.335 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9012]
                              2025-01-10 03:07:30.335 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                              2025-01-10 03:08:07.149 PM INFO  io.fusionauth.api.service.system.NodeService - Node [bf1c5349-de31-4f27-a17b-d998d9348c7c] with address [http://10.0.1.101:9011] removed because it has not checked in for the last [77] seconds. Bye node.
                              
                              1 Reply Last reply Reply Quote 0
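Added example (not from the thread and not FusionAuth code): the configuration in the post above writes the paths with doubled backslashes. Assuming fusionauth.properties follows standard java.util.Properties escaping, this Python re-implementation of the value-unescaping rules decodes each path style tried in this thread and reports what the loader would see; the `audit` helper, the `CASES` labels and the `C:\users\...` path are constructed for illustration.

```python
import re
import string

# Escape letters that java.util.Properties.load() maps to control characters.
_CONTROL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}
# Key, optional '=' or ':' separator, raw value (escapes inside keys are not handled).
_LINE = re.compile(r"^[ \t\f]*([^=:\s]*)[ \t\f]*[=:]?[ \t\f]*(.*)$")

# Constructed lines: key names and path styles are the ones tried in this thread,
# except "users", a made-up path added to show the \u edge case.
CASES = {
    "single": r"fusionauth-app.https.certificate-file=c:\temp\host.test.example.com-chain.pem",
    "programdata": r"fusionauth-app.https.private-key-file=C:\ProgramData\FusionAuth\fusionauth\config\host.test.example.com-key.pem",
    "forward": r"fusionauth-app.https.certificate-file=c:/temp/host.test.example.com-chain.pem",
    "double": r"fusionauth-app.https.certificate-file=c:\\temp\\host.test.example.com-chain.pem",
    "users": r"fusionauth-app.https.certificate-file=C:\users\fa\cert.pem",
}


def unescape_value(raw):
    """Apply the Properties.load() escape rules to the text after the separator."""
    out, i = [], 0
    while i < len(raw):
        ch = raw[i]
        if ch != "\\":
            out.append(ch)
            i += 1
            continue
        i += 1
        if i >= len(raw):
            break  # lone trailing backslash: a line continuation in Java, ignored here
        esc = raw[i]
        if esc == "u":
            digits = raw[i + 1:i + 5]
            if len(digits) != 4 or any(c not in string.hexdigits for c in digits):
                raise ValueError("malformed \\uXXXX escape")
            out.append(chr(int(digits, 16)))
            i += 5
        else:
            # \t \n \r \f become control characters; any other escaped
            # character is kept and the backslash itself is dropped.
            out.append(_CONTROL.get(esc, esc))
            i += 1
    return "".join(out)


def audit(line):
    """Decode one property line; return None for blank and comment lines."""
    stripped = line.lstrip(" \t\f")
    if not stripped or stripped[0] in "#!":
        return None
    match = _LINE.match(line.rstrip("\r\n"))
    key, raw = match.group(1), match.group(2)
    try:
        value = unescape_value(raw)
    except ValueError as exc:
        # java.util.Properties raises IllegalArgumentException in this case.
        return {"key": key, "value": None, "findings": [str(exc)]}
    findings = []
    ctrl = sorted({repr(c) for c in value if ord(c) < 0x20})
    if ctrl:
        findings.append("control characters in path: " + ", ".join(ctrl))
    eaten = raw.count("\\") - 2 * value.count("\\")
    if eaten > 0:
        findings.append(f"{eaten} single backslash(es) consumed as escapes")
    return {"key": key, "value": value, "findings": findings}


if __name__ == "__main__":
    for label, line in CASES.items():
        result = audit(line)
        print(f"{label:12} -> {result['value']!r}")
        for finding in result["findings"]:
            print(f"{'':12}    {finding}")
```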
                              • S
                                Scot @mark.robustelli
                                last edited by

                                @mark-robustelli said in SSL certificate settings when hosted on Windows:

                                @Scot Does that mean you got it working?

                                No, it's still not working for me. I was trying to emphasize TRUE with uppercase letters in the settings I'm testing, but then ran into the issue that FusionAuth's settings are case-sensitive and must be lowercase.

                                mark.robustelliM 2 Replies Last reply Reply Quote 0
                                • mark.robustelliM
                                  mark.robustelli @Scot
                                  last edited by

                                  @Scot I found these two previous posts that mention this may not be the best way to go.

                                  how to change port no. 9011 (fusionauth) to 80 or any port like 443 is it possible

                                  and

                                  Is it possible to set up SSL for fusionauth directly?

                                  Now, both those posts are older, but I know I have had success running with nginx, so I wanted to put that out there in case it helps.

                                  All that being said, you should be able to do what it appears you are trying to do. I hope to have some time this weekend to see if I can get it going. I will let you know what I find. If you find something before then, please let me know.

                                  1 Reply Last reply Reply Quote 0
                                  • mark.robustelliM
                                    mark.robustelli @Scot
                                    last edited by mark.robustelli

                                    @Scot OK, I got this fully working. This is going to be a long post, but I will try to be as detailed as possible. I would recommend testing with this and see if you can get it going. I did a lot of testing and one of the things I noticed was that the keys have to be in the right format. I would get it running like this. Then substitute your keys and see if it works. If not, there may be something off with them. Let me know how it goes.

                                    And I will say this for anyone reading. DO NOT USE THE CERTS IN THIS POST IN PRODUCTION. I WOULD NOT EVEN USE IT BEYOND THIS INITIAL TEST. THE WHOLE WORLD CAN SEE THE PRIVATE KEY.

                                    Step 1: Install and run OpenSSL (I just added C:\Program Files\Git\usr\bin\ to my Path) openssl.exe

                                    Step 2: Generate the root private key
                                    (Running Powershell as Administrator)
                                    I created a new folder under the C:\fusionauth folder named "cert"
                                    cd C:\fusionauth\cert
                                    Ran this command
                                    openssl genrsa -out fatest5.key 4096

                                    Step 3: Create a self-signed certificate
                                    in the C:\fusionauth\cert folder run this command:
                                    openssl req -x509 -new -addext "subjectAltName=DNS:localhost,DNS:*.localhost,IP:10.0.0.1" -nodes -key fatest5.key -days 3650 -out fatest5.pem

                                    Note:
                                    The first time I ran this, I received "Can't open "C:\Program Files (x86)\PostgreSQL\psqlODBC\etc\openssl.cnf" for reading, No such file or directory"

                                    I executed the following and then retried creating the certificate, i.e. openssl req ....
                                    needed $env:OPENSSL_CONF = ''

                                    I was asked for some input and here are the values I used. I imagine you could enter whatever you want.


                                    Country Name (2 letter code) [AU]:US
                                    State or Province Name (full name) [Some-State]:CO
                                    Locality Name (eg, city) []:Denver
                                    Organization Name (eg, company) [Internet Widgits Pty Ltd]:FATest
                                    Organizational Unit Name (eg, section) []:FATestUnit
                                    Common Name (e.g. server FQDN or YOUR name) []:localhost
                                    Email Address []:none@example.com

                                    Step 4: Verify the following files exist
                                    C:\fusionauth\cert\fatest5.key (See Below for text of files from my example)
                                    C:\fusionauth\cert\fatest5.pem (See Below for text of files from my example)

                                    Optional Step 4.5
                                    Import C:\fusionauth\cert\fatest5.pem to your Trusted Root Certification Authorities

                                    This is not required, but your browser may complain that the certificate is invalid when you go to check the running site. The scope of the import is beyond this issue, but if you need help doing so just let me know.

                                    Step 5: Edit Config file (I used Notepad++)
                                    C:\fusionauth\config\fusionauth.properties (full text below)

                                    fusionauth-app.https.enabled=true
                                    fusionauth-app.https.port=9013
                                    fusionauth-app.https.certificate-file=C:\\fusionauth\\cert\\fatest5.pem
                                    fusionauth-app.https.private-key-file=C:\\fusionauth\\cert\\fatest5.key
                                    fusionauth-app.https.certificate=
                                    fusionauth-app.https.private-key=
                                    

                                    Step 6: Start FusionAuth
                                    PS C:\fusionauth\bin> .\startup.ps1

                                    A small note, when using the cert, the spin up time took a bit longer, up to a couple of minutes.

                                    Step 7: Verify
                                    Visit https://localhost:9013

                                    More Notes
                                    It took a while to realize that it took longer to spin up with the https enabled.

                                    With it disabled the log looks a bit like this.

                                    2025-01-10 03:55:40.318 PM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                                    2025-01-10 03:55:40.727 PM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
                                    2025-01-10 03:55:40.729 PM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
                                    2025-01-10 03:55:40.729 PM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
                                    2025-01-10 03:55:40.738 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9011]
                                    2025-01-10 03:55:40.739 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                                    2025-01-10 03:55:40.739 PM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
                                    2025-01-10 03:55:40.741 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9012]
                                    2025-01-10 03:55:40.741 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                                    

                                    Notice the HTTP server listening on the ports almost directly after the Initializing the FusionAuth HTTP Context event.

                                    With https enabled the log looked more like this.

                                    2025-01-11 10:42:30.965 AM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                                    2025-01-11 10:42:31.460 AM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [6TjvHw] Database Version [1.55.1]
                                    2025-01-11 10:42:31.476 AM INFO  com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService - [6TjvHw] Latest Migration Version [1.55.1]
                                    2025-01-11 10:42:31.492 AM INFO  io.fusionauth.app.guice.FusionAuthModule - 
                                    
                                    ---------------------------------------------------------------------------------------------------------
                                    --------------------------------- Starting FusionAuth version [1.55.1] ----------------------------------
                                    ---------------------------------------------------------------------------------------------------------
                                    
                                    2025-01-11 10:42:32.025 AM INFO  io.fusionauth.api.plugin.guice.PluginModule - No plugins found
                                    2025-01-11 10:42:32.437 AM INFO  io.fusionauth.api.service.system.NodeService - Node [0de0a155-c322-431a-bb37-7dd5f8920846] started.
                                    2025-01-11 10:42:33.547 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [C:\fusionauth\config\fusionauth.properties]
                                    2025-01-11 10:42:33.562 AM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.211.55.3:9011]
                                    2025-01-11 10:42:33.562 AM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration - 
                                      - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
                                      - Overriding default value of property [fusionauth-app.runtime-mode] with value [development]
                                      - Overriding default value of property [search.type] with value [database]
                                    
                                    2025-01-11 10:42:33.562 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                                    2025-01-11 10:42:33.593 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Starting...
                                    2025-01-11 10:42:33.690 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-background - Start completed.
                                    2025-01-11 10:42:37.990 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                                    2025-01-11 10:42:37.990 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Starting...
                                    2025-01-11 10:42:38.101 AM INFO  com.zaxxer.hikari.pool.HikariPool - Database-primary - Added connection org.postgresql.jdbc.PgConnection@58c42c8c
                                    2025-01-11 10:42:38.101 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-primary - Start completed.
                                    2025-01-11 10:42:39.830 AM INFO  com.inversoft.jdbc.hikari.DataSourceProvider - Connecting to PostgreSQL database at [jdbc:postgresql://localhost:5432/fusionauth]
                                    2025-01-11 10:42:39.846 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Starting...
                                    2025-01-11 10:42:39.906 AM INFO  com.zaxxer.hikari.pool.HikariPool - Database-secondary - Added connection org.postgresql.jdbc.PgConnection@74431b9c
                                    2025-01-11 10:42:39.906 AM INFO  com.zaxxer.hikari.HikariDataSource - Database-secondary - Start completed.
                                    2025-01-11 10:42:41.065 AM INFO  com.inversoft.scheduler.DefaultScheduler - Starting up scheduler
                                    2025-01-11 10:42:41.065 AM INFO  com.inversoft.scheduler.DefaultScheduler - Scheduler is running
                                    2025-01-11 10:42:41.384 AM INFO  io.fusionauth.api.service.system.NodeService - Node [0de0a155-c322-431a-bb37-7dd5f8920846] added with address [http://10.211.55.3:9011]
                                    2025-01-11 10:42:41.847 AM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                                    2025-01-11 10:42:42.206 AM INFO  com.inversoft.search.ElasticRestClientHelper - Connecting to Elasticsearch at [http://localhost:9021]
                                    2025-01-11 10:42:42.414 AM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
                                    2025-01-11 10:42:42.774 AM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
                                    2025-01-11 10:42:42.774 AM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
                                    2025-01-11 10:42:42.774 AM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
                                    2025-01-11 10:42:42.774 AM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
                                    2025-01-11 10:42:42.774 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9011]
                                    2025-01-11 10:42:42.774 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                                    2025-01-11 10:42:42.774 AM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
                                    2025-01-11 10:42:42.789 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9012]
                                    2025-01-11 10:42:42.789 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                                    2025-01-11 10:42:42.789 AM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
                                    2025-01-11 10:42:42.797 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9013]
                                    2025-01-11 10:42:42.798 AM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
                                    

                                    Notice the delay between the Initializing the FusionAuth HTTP Context and HTTP server started successfully. Only about 12 seconds here, but in testing I saw longer too.

                                    !You should never share your private key! I am no longer using it and deleting this key so I am not worried about sharing.!

                                    //////////////////// fatest5.key contents Start /////////////////////


                                    //////////////////// fatest5.key contents End /////////////////////

                                    //////////////////// fatest5.pem contents Start /////////////////////

                                    -----BEGIN CERTIFICATE-----
                                    -----END CERTIFICATE-----
                                    

                                    //////////////////// fatest5.pem contents End /////////////////////

                                    !You should never share your password and you will need to update it to work in your environment!

                                    //////////////////// fusionauth.properties contents start /////////////////////

                                    #
                                    # Copyright (c) 2018-2024, FusionAuth, All Rights Reserved
                                    #
                                    
                                    #------------------------------------------------------------------------------
                                    # Database
                                    # - Specify the URL and credentials for your database here
                                    # - Required on each node running FusionAuth App webservice
                                    #------------------------------------------------------------------------------
                                    database.url=jdbc:postgresql://localhost:5432/fusionauth
                                    database.username=fusionauth
                                    database.password=password
                                    
                                    #------------------------------------------------------------------------------
                                    # Additional MySQL database settings.
                                    # - When enabled, FusionAuth will ensure the necessary 'utf8mb4' configuration parameters to
                                    #   properly handle 4 byte unicode characters. FusionAuth will fail to start if not configured properly.
                                    # - This value is ignored if using PostgreSQL
                                    # - Only set to false if you understand the limitations not using 'utf8mb4' character sets.
                                    #------------------------------------------------------------------------------
                                    database.mysql.enforce-utf8mb4=true
                                    
                                    #------------------------------------------------------------------------------
                                    # Search engine
                                    # - Required on each node to ensure it talks to the same search backend
                                    #------------------------------------------------------------------------------
                                    
                                    # Specify the search engine type, accepted values are `database` and `elasticsearch`.
                                    # When configuring the search engine type to `elasticsearch`, you must configure the `fusionauth-app.search-servers` property as well.
                                    search.type=database
                                    
                                    # Specify the location of your FusionAuth Search servers. Multiple values may be specified using a comma separator.
                                    # This configuration is used by FusionAuth App to connect to the ElasticSearch nodes. The specified port should be the
                                    # configured value for 'fusionauth-search.http-port'.
                                    #
                                    # Single host example: http://localhost:9021
                                    # Multiple hosts example: http://localhost:9021,http://192.168.1.42:9021
                                    #search.servers=http://localhost:9021
                                    
                                    
                                    #------------------------------------------------------------------------------
                                    # fusionauth-search
                                    # - Required on each node running FusionAuth Search
                                    #------------------------------------------------------------------------------
                                    fusionauth-search.transport.port=9020
                                    fusionauth-search.http.port=9021
                                    fusionauth-search.memory=512M
                                    fusionauth-search.additional-java-args=
                                    
                                    # Special values include: _local_, _site_. Values can be combined in a comma separated list.
                                    fusionauth-search.hosts=_local_
                                    
                                    # Specify the location of your FusionAuth Search Engine servers. Multiple values may be specified using a comma separator.
                                    # This configuration is used by ElasticSearch to configure clustering. The specified port should be the configured value
                                    # for 'fusionauth-search.transport-port'.
                                    #
                                    # Single host example: localhost:9020
                                    # Multiple hosts example: localhost:9020,192.168.1.42:9020
                                    fusionauth-search.servers=localhost:9020
                                    
                                    # Specify the full path to the ElasticSearch data directory. This defaults to /usr/local/fusionauth/data/search/esv6
                                    # on Linux/Unix and %FUSIONAUTH_HOME%\data\search\esv6 on Windows if not specified
                                    fusionauth-search.data-directory=
                                    
                                    
                                    #------------------------------------------------------------------------------
                                    # fusionauth-app
                                    # - Required on each node running FusionAuth App webservice
                                    #------------------------------------------------------------------------------
                                    
                                    # Optionally specify an addressable URL or IP address to access this node from other FusionAuth nodes.
                                    # - In most cases this should be left empty and it will be determined at runtime.
                                    # - Ideally this is a site local IP address that is not publicly routable but accessible from other FusionAuth nodes.
                                    fusionauth-app.url=
                                    
                                    # Specify the HTTP ports for the FusionAuth webservice
                                    fusionauth-app.http.port=9011
                                    
                                    # HTTPS support.
                                    #
                                    # To enable the TLS listener, you must provide a port, a private key, the server certificate and any intermediate certificates necessary. Root CA
                                    # certs should not be included.
                                    #
                                    # - The server and intermediate certificates must be concatenated into the same file/property.
                                    #
                                    # - If you have installed the certificate chain and key as files, set the appropriate filenames in
                                    #   fusionauth-app.https.certificate-file and fusionauth-app.https.private-key-file.
                                    #
                                    # - If you are setting the fields as PEM content (i.e. via an environment variable), use the
                                    #   fusionauth-app.https.certificate and fusionauth-app.https.private-key properties.
                                    #
                                    # - If both file and content-based properties are set, the content-based settings will take precedence.
                                    fusionauth-app.https.enabled=true
                                    fusionauth-app.https.port=9013
                                    fusionauth-app.https.certificate-file=C:\\fusionauth\\cert\\fatest5.pem
                                    fusionauth-app.https.private-key-file=C:\\fusionauth\\cert\\fatest5.key
                                    fusionauth-app.https.certificate=
                                    fusionauth-app.https.private-key=
                                    
                                    
                                    
                                    # Specify the memory size here. You can use M for megabytes and G for gigabytes
                                    fusionauth-app.memory=512M
                                    
                                    # Specify any additional JVM arguments here
                                    fusionauth-app.additional-java-args=
                                    
                                    # Runtime Mode. During development use, 'development' this will allow you to utilize maintenance mode.
                                    # - Once you move into production, use 'production', this will disable maintenance mode.
                                    # - Possible values [production, development]
                                    fusionauth-app.runtime-mode=development
                                    
                                    # Where Usage Data is sent if enabled
                                    fusionauth-app.stats.url=https://usage-stats.fusionauth.io
                                    

                                    //////////////////// fusionauth.properties contents end /////////////////////

                                      Scot @mark.robustelli

                                      @mark-robustelli

                                      I was able to start FusionAuth using your test fatest5.pem and fatest5.key but have been unable to switch back to get my certificate to work. So this rules out the filename escaping in the config being the issue, and instead points to something being different with my certificate files.

                                      I've started comparing the differences between certificates but haven't been able to resolve the issue:

                                      • In my certificate I tried removing the intermediate certificate that was after the host's certificate
                                      • In my key file I removed this "RSA" text from the header and footer
                                      from
                                      -----BEGIN RSA PRIVATE KEY-----
                                      -----END RSA PRIVATE KEY-----
                                      to
                                      -----BEGIN PRIVATE KEY-----
                                      -----END PRIVATE KEY-----
                                      
                                        mark.robustelli @Scot

                                        @Scot Great! Well great that you were able to get it to run and we have isolated the issue. Not great in that it still won't run. How did you create your certificate? I did notice in the help that it requires it to be in a specific format. One time I created a cert and I don't think it was in the right format and it just hung. From the documentation, we need to make sure the private-key-file is in the PKCS#8 PEM format.


                                          Scot @mark.robustelli

                                          I needed to convert my private key from PKCS1 to PKCS8

                                          To convert from PKCS#1 to PKCS#8:
                                          openssl pkcs8 -topk8 -inform pem -in private_pkcs1.pem -outform pem -nocrypt -out private_pkcs8.pem

                                          A PKCS#1 PEM-encoded private key is identified by the markers used to delimit the base64-encoded data:
                                          -----BEGIN RSA PRIVATE KEY-----
                                          -----END RSA PRIVATE KEY-----

                                          Afterwards, the PKCS#8 key looks different:
                                          -----BEGIN PRIVATE KEY-----
                                          -----END PRIVATE KEY-----

                                          from https://www.upsync.dev/2022/02/22/loading-a-rsa-private-key

                                          • mark.robustelliM mark.robustelli has marked this topic as solved on
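The thread's resolution turns on the key body being PKCS#8, not just the PEM header saying so: renaming `BEGIN RSA PRIVATE KEY` to `BEGIN PRIVATE KEY` leaves a PKCS#1 body in place. The following pre-flight check is an added example, not part of the original thread or FusionAuth's own code; the function names are hypothetical and the sample inputs are constructed ASN.1 stubs rather than real keys.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
LABELS = {"PRIVATE KEY": "pkcs8", "RSA PRIVATE KEY": "pkcs1"}


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def der_key_format(der):
    """Classify an unencrypted private key by its ASN.1 shape, not its label."""
    tag, start, _ = _read_tlv(der, 0)
    if tag != 0x30:  # both formats start with a SEQUENCE
        return "unknown"
    tag, _, end = _read_tlv(der, start)
    if tag != 0x02:  # ...whose first field is an INTEGER version
        return "unknown"
    # PKCS#8 continues with an AlgorithmIdentifier SEQUENCE,
    # PKCS#1 RSAPrivateKey continues with the modulus INTEGER.
    return {0x30: "pkcs8", 0x02: "pkcs1"}.get(der[end], "unknown")


def check_key_pem(text):
    """Return (label_format, body_format, ok) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if not m:
        return ("none", "unknown", False)
    label = LABELS.get(m.group(1), "other")
    try:
        body = der_key_format(base64.b64decode("".join(m.group(2).split())))
    except (ValueError, IndexError):
        body = "unknown"
    return (label, body, label == "pkcs8" and body == "pkcs8")


def make_pem(label, der):
    return f"-----BEGIN {label}-----\n{base64.b64encode(der).decode()}\n-----END {label}-----\n"


# Constructed structural stubs, not usable keys: just enough ASN.1 to classify.
PKCS1_STUB = bytes.fromhex("3006020100020103")
ALG_RSA = bytes.fromhex("300d06092a864886f70d0101010500")
PKCS8_STUB = b"\x30\x1c\x02\x01\x00" + ALG_RSA + b"\x04\x08" + PKCS1_STUB
RELABELLED = make_pem("PRIVATE KEY", PKCS1_STUB)  # header edited by hand, body untouched
```

On a real file, pass its text to `check_key_pem` before setting `fusionauth-app.https.private-key-file`; a `pkcs1` body means the `openssl pkcs8 -topk8` conversion shown above is still needed, whatever the header says.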
                                            mark.robustelli @Scot

                                            @Scot Woo-hoo, glad you got rollin'!
