Hello.
I have tried a number of different methods to make this work but have been thus far unsuccessful.
Windows 2003 Server
Glassfish v2
I followed the instructions here:
http://blogs.sun.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2
Using the Development profile, I followed creating a key and configuring my keystore.jks. My keystore.jks contains my new PrivateKeyEntry Alias and MD5.
I submitted my key to my CA and recieved back a certificate with a certificate path in .p7b form
My Certification Path looks like this:
Root CA
Intranet Intermediate
Intranet Issuing
sub.mydomain.com
I am able to successfully export the entire .p7b file to .pem which contains the entire Certification Path. I am able to successfully load this .pem into my cacerts.jks using keytool. Keytool appears to load the certificate and the certification path successfully with no errors. The file is x509 compatible. I accept the cert and change my SSL alias in the Glassfish admin console to the alias used for my key and cert.
Both keystore.jks and cacerts.jks include the identical alias name for reference.
Glassfish successfully starts and I am able to load my web server.Upon loading my page under https I am presented with an invalid certificate warning. When I view the certificate it appears to have been issued by me and not my CA containing the Certification Path.
Am I missing something in the key generation that is causing this to happen?
The certificate error claims I am using a self signed certificate when viewing the details of the certificate error in IE and not the Root CA as specified in my .pem.
I am at a loss as to why my Certification Path is not being used.
[Message sent by forum member 'artandscience' (artandscience)]
http://forums.java.net/jive/thread.jspa?messageID=350171