users@glassfish.java.net

Re: Problem with GF and SSL: IE accepts certificate but Firefox doesn't

From: <glassfish_at_javadesktop.org>
Date: Tue, 15 Jan 2008 11:57:37 PST

Hello Kumar,

I followed your procedure with one difference. I did not delete the "s1as" default self-signed certificate and recreate it, but directly created a new one with a different alias.

These were the steps according to my protocol:

1) Create private key:

keytool -genkeypair -keyalg RSA -keystore glassfish/domains/domain1/config/keystore.jks -validity 700 -alias pluginsmithy

2) Generate CSR:

keytool -certreq -alias pluginsmithy -file pluginsmithy.csr -keystore glassfish/domains/domain1/config/keystore.jks

3) Requested and received test certificate from the vendor

4) Imported the Comodo intermediate certificates according to the following URL, but did not yet install the certificate itself

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=897

5) Invoked the Java program from your blog entry (I had renamed the Main class to ImportCert); www.pluginsmithy.com.crt is the file containing the test certificate

java ImportCert www.pluginsmithy.com.crt keystore.jks <keystore password> pluginsmithy

When I do a keytool -list -v on the keystore after that, I see the pluginsmithy certificate like this:

Alias name: pluginsmithy
Creation date: Jan 15, 2008
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.pluginsmithy.com, OU=EuropeanSSL Trial, OU=Provided by www.EuropeanSSL.eu (EUNETIC GmbH), OU=Domain Control Validated
Issuer: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: a29bf232df45295531e739d764c39f99
Valid from: Wed Jan 02 01:00:00 CET 2008 until: Sat Feb 02 00:59:59 CET 2008
Certificate fingerprints:
         MD5: B2:E4:FC:64:8F:05:B5:FD:03:62:B6:93:7C:4E:0F:5E
         SHA1: DE:42:CD:7D:F0:21:64:21:1D:F3:96:D1:8E:CA:31:23:59:59:62:87

The procedure that actually worked was to follow the procedure from the support.comodo.com website until the last step. Instead of running the Java program I did the following (I had restored the keystore to the state after the Comodo certificates were imported but before the Java program was invoked):

keytool -import -trustcacerts -alias pluginsmithy -file www.pluginsmithy.com.crt -keystore keystore.jks

When I do a keytool -list -v on the keystore after that, the entry under the "pluginsmithy" alias looks different:

Alias name: pluginsmithy
Creation date: Jan 13, 2008
Entry type: keyEntry
Certificate chain length: 4
Certificate[1]:
Owner: CN=www.pluginsmithy.com, OU=EuropeanSSL Trial, OU=Provided by www.EuropeanSSL.eu (EUNETIC GmbH), OU=Domain Control Validated
Issuer: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: a29bf232df45295531e739d764c39f99
Valid from: Wed Jan 02 01:00:00 CET 2008 until: Sat Feb 02 00:59:59 CET 2008
Certificate fingerprints:
         MD5: B2:E4:FC:64:8F:05:B5:FD:03:62:B6:93:7C:4E:0F:5E
         SHA1: DE:42:CD:7D:F0:21:64:21:1D:F3:96:D1:8E:CA:31:23:59:59:62:87
Certificate[2]:
Owner: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Serial number: 4ccd4a9a5b4513218ccf902f8b2b5171
Valid from: Mon Sep 18 02:00:00 CEST 2006 until: Sat May 30 12:48:38 CEST 2020
Certificate fingerprints:
         MD5: DE:AA:8D:D6:00:57:F5:BD:4C:42:E1:2E:EE:9B:41:DD
         SHA1: DD:C5:8C:53:DF:2E:F2:B2:66:20:BF:1C:A7:D4:15:FF:98:CD:B4:84
Certificate[3]:
Owner: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 26211bf52aeb51b00bfa9fdd8d36da9e
Valid from: Tue Jun 07 10:09:10 CEST 2005 until: Sat May 30 12:48:38 CEST 2020
Certificate fingerprints:
         MD5: 35:F3:4B:25:5C:F0:C9:FE:C0:0F:02:81:25:00:91:CF
         SHA1: F5:EF:6B:80:C1:3C:1C:D3:22:8E:4F:A1:4F:A4:CA:E7:C0:C8:5A:79
Certificate[4]:
Owner: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Serial number: 1
Valid from: Tue May 30 12:48:38 CEST 2000 until: Sat May 30 12:48:38 CEST 2020
Certificate fingerprints:
         MD5: 1D:35:54:04:85:78:B0:3F:42:42:4D:BF:20:73:0A:3F
         SHA1: 02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68

You can see that there's now a certificate chain of length 4 instead of 1 under the pluginsmithy alias, which includes the intermediate certificates.

I hope this helps you to find out whether I made a mistake or whether there's a flaw in your program.

Thanks
Stephan
[Message sent by forum member 'smuehlst' (smuehlst)]

http://forums.java.net/jive/thread.jspa?messageID=254056
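The difference Stephan points at (chain length 1 after the Java import versus length 4 after `keytool -import -trustcacerts`) is exactly what a browser cares about: a server that only sends the leaf forces the client to already trust the intermediate, which is why one browser may accept the certificate and another reject it. The script below is an added example, not code from this thread or from Kumar's blog program; it parses the text that `keytool -list -v` prints and reports whether each key entry carries a complete chain (each certificate's Issuer equals the next certificate's Owner, and the chain ends in a self-signed root). The two embedded listings are constructed from the outputs quoted in the message, shortened to the fields the check uses.

```python
"""Check the certificate chain that `keytool -list -v` reports for each alias.

Added example (not part of the original mailing-list thread). It parses the
listing text and verifies that the chain under a keyEntry is complete:
every certificate's Issuer must be the Owner of the next certificate, and
the last certificate must be self-signed. DN comparison is plain string
equality on keytool's output, which is enough to spot a truncated chain
but is not a substitute for signature verification.
"""
import re
from dataclasses import dataclass, field


@dataclass
class CertSummary:
    owner: str = ""
    issuer: str = ""
    serial: str = ""


@dataclass
class KeyEntry:
    alias: str
    declared_length: int = 0
    certs: list = field(default_factory=list)


def parse_keytool_listing(text):
    """Parse `keytool -list -v` output into one KeyEntry per alias."""
    entries = []
    entry = None
    cert = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Alias name:"):
            entry = KeyEntry(alias=line.split(":", 1)[1].strip())
            entries.append(entry)
        elif line.startswith("Certificate chain length:"):
            entry.declared_length = int(line.split(":", 1)[1])
        elif line.startswith("Owner:"):
            # Each certificate block starts with its Owner line; this also
            # covers trustedCertEntry blocks, which have no Certificate[n] header.
            cert = CertSummary(owner=line.split(":", 1)[1].strip())
            entry.certs.append(cert)
        elif line.startswith("Issuer:") and cert is not None:
            cert.issuer = line.split(":", 1)[1].strip()
        elif line.startswith("Serial number:") and cert is not None:
            cert.serial = line.split(":", 1)[1].strip()
    return entries


def check_chain(entry):
    """Return a list of problems for one alias; an empty list means complete."""
    problems = []
    if not entry.certs:
        return ["no certificates listed under alias %s" % entry.alias]
    if entry.declared_length and entry.declared_length != len(entry.certs):
        problems.append("declared chain length %d but %d certificates listed"
                        % (entry.declared_length, len(entry.certs)))
    for i in range(len(entry.certs) - 1):
        if entry.certs[i].issuer != entry.certs[i + 1].owner:
            problems.append("certificate %d was not issued by certificate %d"
                            % (i + 1, i + 2))
    last = entry.certs[-1]
    if last.owner != last.issuer:
        problems.append("chain does not end in a self-signed root; "
                        "last certificate is issued by: " + last.issuer)
    return problems


def report(text):
    """Map each alias in a listing to its list of chain problems."""
    return {e.alias: check_chain(e) for e in parse_keytool_listing(text)}


# Constructed sample: the entry as it looked after the Java import program ran.
LISTING_AFTER_JAVA_IMPORT = """\
Alias name: pluginsmithy
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.pluginsmithy.com, OU=EuropeanSSL Trial, OU=Domain Control Validated
Issuer: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: a29bf232df45295531e739d764c39f99
"""

# Constructed sample: the entry after `keytool -import -trustcacerts` instead.
LISTING_AFTER_KEYTOOL_IMPORT = """\
Alias name: pluginsmithy
Entry type: keyEntry
Certificate chain length: 4
Certificate[1]:
Owner: CN=www.pluginsmithy.com, OU=EuropeanSSL Trial, OU=Domain Control Validated
Issuer: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Serial number: a29bf232df45295531e739d764c39f99
Certificate[2]:
Owner: CN=PositiveSSL CA, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=UTN-USERFirst-Hardware, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Serial number: 4ccd4a9a5b4513218ccf902f8b2b5171
Certificate[3]:
Owner: CN=UTN-USERFirst-Hardware, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=AddTrust External CA Root, O=AddTrust AB, C=SE
Serial number: 26211bf52aeb51b00bfa9fdd8d36da9e
Certificate[4]:
Owner: CN=AddTrust External CA Root, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, O=AddTrust AB, C=SE
Serial number: 1
"""

if __name__ == "__main__":
    for name, text in (("java import", LISTING_AFTER_JAVA_IMPORT),
                       ("keytool import", LISTING_AFTER_KEYTOOL_IMPORT)):
        print(name, report(text))
```

Run it against a real listing with `keytool -list -v -keystore keystore.jks | python check_chain.py`-style piping by reading `sys.stdin` instead of the constants; the first sample reports that the chain stops at the PositiveSSL issuer, the second reports no problems. A keystore that passes this check is what makes GlassFish send the intermediates during the TLS handshake, so a client that ships only the root can still build the path.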