users@glassfish.java.net

Re: IIOP and SSL

From: <glassfish_at_javadesktop.org>
Date: Mon, 10 Mar 2008 05:41:45 PST

Hi Dies,

Please help me out a little further as I don't understand your reply completely.

Up until now I did the following with certificates:

1. On the client side:
I used the program from Andreas' blog to get a certificate file (c:/jssecacerts).
This provided me with a file containing the default auto-generated, self-signed certificate of the server (nickname s1as) from the keystore.jks of the server.
In my appclient Main program I've set the (clientside) keystore and the (clientside) truststore to that specific file using System.setProperty statements.

2. On the server side:
I did not perform any additional steps.
The reason being that the server, upon installation, already did generate a default, self-signed certificate.
As far as I can check, there's an entry for this certificate in the keystore.jks file and the cacerts.jks file of the server (both located in the %serverhome%\domains\domain1\config directory).
The keytool utility shows the certificate in the keystore as well as the truststore if I ask for a list using alias s1as (the nickname of the server).
The server.log also shows that this is the case.
So in my opinion this means that the server 'knows' and trusts (its own) self-signed certificate. No extra steps needed...

Are my actions and assumptions correct and complete?
Or do I need to do something more:
1. On the client side?
2. On the server side?

I noticed the CORBA errors in the log too, but to me they give no clue as to where to go from here.

Could it be that the cert file generated by Andreas' program is incorrect for my purpose?
I ran Andreas' program with the following command:
java InstallCert localhost:8181

Thanks again for the response.

Bart.
[Message sent by forum member 'bertusdotcom' (bertusdotcom)]

http://forums.java.net/jive/thread.jspa?messageID=263167