users@glassfish.java.net

Glassfish not sending Intermediate CA Certificates

From: <glassfish_at_javadesktop.org>
Date: Mon, 12 May 2008 10:55:41 PDT

I can't get glassfish to send the intermediate certificates when connecting via SSL. Here is the keystore that stores the certificate. The 3 are included but for some reason the chain is only listed as one. The intermediate and root cert may have been inserted after the site certificate (would that matter?). Anyone else run into this before? Any ideas on how to fix it?

keytool -list -keystore keystore.jks
Enter keystore password: changeit

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

imtermediate, May 8, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 2A:C8:48:C0:85:F3:27:DE:32:29:44:BB:B0:2C:79:F8
verisignclass3ca, May 12, 2008, trustedCertEntry,
Certificate fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
s1as, May 8, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): 9C:32:5E:2F:49:74:C1:6A:79:05:3C:67:BA:B8:70:72

keytool -list -alias verisignclass3ca -v -keystore keystore.jks
Enter keystore password: changeit
Alias name: verisignclass3ca
Creation date: May 12, 2008
Entry type: trustedCertEntry

Owner: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 70bae41d10d92934b638ca7b03ccbabf
Valid from: Sun Jan 28 16:00:00 PST 1996 until: Tue Aug 01 16:59:59 PDT 2028
Certificate fingerprints:
         MD5: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
         SHA1: 74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2
         Signature algorithm name: MD2withRSA
         Version: 1


keytool -list -alias imtermediate -v -keystore keystore.jks
Enter keystore password: changeit
Alias name: imtermediate
Creation date: May 8, 2008
Entry type: trustedCertEntry

Owner: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: 75337d9ab0e1233bae2d7de4469162d4
Valid from: Tue Jan 18 16:00:00 PST 2005 until: Sun Jan 18 15:59:59 PST 2015
Certificate fingerprints:
         MD5: 2A:C8:48:C0:85:F3:27:DE:32:29:44:BB:B0:2C:79:F8
         SHA1: 18:85:90:E9:48:78:47:8E:33:B6:19:4E:59:FB:BB:28:FF:08:88:D5
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6F EC AF A0 DD 8A A4 EF F5 2A 10 67 2D 3F 55 82 o........*.g-?U.
0010: BC D7 EF 25 ...%
]
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/pca3.crl]
]]

#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa

]] ]
]
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
]

#7: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US]
SerialNumber: [ 70bae41d 10d92934 b638ca7b 03ccbabf]
]

#8: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  CN=Class3CA2048-1-45
]

keytool -list -alias s1as -v -keystore keystore.jks
Enter keystore password: changeit
Alias name: s1as
Creation date: May 8, 2008
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=api.arcwebservices.com, OU=IOG, O=ESRI, L=Redlands, ST=California, C=US
Issuer: CN=VeriSign Class 3 Secure Server CA, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 532e97b5abc182ddd9d28370d1f29678
Valid from: Tue May 06 17:00:00 PDT 2008 until: Thu May 07 16:59:59 PDT 2009
Certificate fingerprints:
         MD5: 9C:32:5E:2F:49:74:C1:6A:79:05:3C:67:BA:B8:70:72
         SHA1: B0:91:EA:B8:DD:E4:AB:62:21:4F:5B:8C:F1:B8:33:7D:35:F9:73:68
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.verisign.com, accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://SVRSecure-aia.verisign.com/SVRSecure2005-aia.cer]
]

#3: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://SVRSecure-crl.verisign.com/SVRSecure2005.crl]
]]

#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 76 65 ..https://www.ve
0010: 72 69 73 69 67 6E 2E 63 6F 6D 2F 72 70 61 risign.com/rpa

]] ]
]

#6: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#7: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6F EC AF A0 DD 8A A4 EF F5 2A 10 67 2D 3F 55 82 o........*.g-?U.
0010: BC D7 EF 25 ...%
]

]

#9: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: arcwebstg-api.esri.com
  DNSName: api.arcwebservices.com
]
[Message sent by forum member 'javidelgadillo' (javidelgadillo)]

http://forums.java.net/jive/thread.jspa?messageID=273846
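
Added example, not part of the original post and not GlassFish or keytool code: the standard JSSE key managers present the certificate chain stored with the private key entry, so a `PrivateKeyEntry` that reports `Certificate chain length: 1` for a CA-issued certificate sends no intermediate, even when the issuer is in the same keystore as a separate `trustedCertEntry`. This Python check parses `keytool -list -v` output and flags that case; the sample listing and its names are constructed, and `parse_entries` and `unattached_issuers` are hypothetical helper names.

```python
import re

# Constructed sample: trimmed `keytool -list -v` output with placeholder names.
SAMPLE = """\
Alias name: issuing-ca
Entry type: trustedCertEntry
Owner: CN=Example Issuing CA, O=Example, C=US
Issuer: CN=Example Root CA, O=Example, C=US
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=www.example.test, O=Example, C=US
Issuer: CN=Example Issuing CA, O=Example, C=US
"""

FIELD = re.compile(r"(Alias name|Entry type|Certificate chain length|Owner|Issuer): (.+)")

def parse_entries(listing):
    """Return one dict per alias with its entry type, chain length and certificates."""
    entries = []
    for line in listing.splitlines():
        m = FIELD.match(line.strip())
        if not m or (m.group(1) != "Alias name" and not entries):
            continue                      # header lines, extensions, hex dumps
        key, value = m.groups()
        if key == "Alias name":
            entries.append({"alias": value, "certs": []})
        elif key == "Owner":
            entries[-1]["certs"].append({"Owner": value})
        elif key == "Issuer" and entries[-1]["certs"]:
            entries[-1]["certs"][-1]["Issuer"] = value
        else:
            entries[-1][key] = value      # Entry type, Certificate chain length
    return entries

def unattached_issuers(listing):
    """Flag key entries holding only a CA-issued leaf: (alias, issuer DN, trusted alias or None)."""
    entries = parse_entries(listing)
    trusted = {e["certs"][0]["Owner"]: e["alias"] for e in entries
               if e.get("Entry type") == "trustedCertEntry" and e["certs"]}
    findings = []
    for e in entries:
        if e.get("Entry type") != "PrivateKeyEntry" or not e["certs"]:
            continue
        leaf = e["certs"][0]
        # Textual DN comparison only; signatures are not verified here.
        if e.get("Certificate chain length") == "1" and leaf["Owner"] != leaf.get("Issuer"):
            findings.append((e["alias"], leaf.get("Issuer"), trusted.get(leaf.get("Issuer"))))
    return findings
```

A non-`None` third element means the issuing CA is in the keystore but not attached to the key entry's chain.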