users@glassfish.java.net

RE: Glassfish SSL setup with cert containing certification path problems

From: Derek Sceats <dsceats_at_silasg.com>
Date: Tue, 9 Jun 2009 15:43:14 -0700

Hello,

If I read your posting correctly, you state:
"I am able to successfully load this .pem into my cacerts.jks using keytool."

If this is indeed what you have done, that could be the problem. You need to load the .pem into keytool.jks and then put the class and root certs into cacerts.

Hope this helps.
Derek


-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: Tue 6/9/2009 3:28 PM
To: users_at_glassfish.dev.java.net
Subject: Glassfish SSL setup with cert containing certification path problems
 
Hello.

I have tried a number of different methods to make this work but have been thus far unsuccessful.

Windows 2003 Server
Glassfish v2

I followed the instructions here:

http://blogs.sun.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2

Using the Development profile, I followed creating a key and configuring my keystore.jks. My keystore.jks contains my new PrivateKeyEntry Alias and MD5.

I submitted my key to my CA and received back a certificate with a certificate path in .p7b form.

My Certification Path looks like this:
   Root CA
      Intranet Intermediate
           Intranet Issuing
               sub.mydomain.com

I am able to successfully export the entire .p7b file to .pem which contains the entire Certification Path. I am able to successfully load this .pem into my cacerts.jks using keytool. Keytool appears to load the certificate and the certification path successfully with no errors. The file is x509 compatible. I accept the cert and change my SSL alias in the Glassfish admin console to the alias used for my key and cert.

Both keystore.jks and cacerts.jks include the identical alias name for reference.

Glassfish successfully starts and I am able to load my web server. Upon loading my page under https I am presented with an invalid certificate warning. When I view the certificate it appears to have been issued by me and not my CA containing the Certification Path.

Am I missing something in the key generation that is causing this to happen?

The certificate error claims I am using a self signed certificate when viewing the details of the certificate error in IE and not the Root CA as specified in my .pem.

I am at a loss as to why my Certification Path is not being used.
[Message sent by forum member 'artandscience' (artandscience)]

http://forums.java.net/jive/thread.jspa?messageID=350171
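
An added example (not part of the original messages): a shell check for the symptom discussed in this thread, a key entry that still carries its self-signed certificate. It parses `keytool -list -v` output; the alias `myalias`, the file name `reply.pem` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify one keystore entry from `keytool -list -v` output read on stdin.
# Usage with a real keystore (alias "myalias" is hypothetical):
#   keytool -list -v -keystore keystore.jks -alias myalias | classify_entry
# "self-signed" means the CA reply has not replaced the generated certificate;
# keytool does that when the reply is imported under the key's own alias:
#   keytool -importcert -alias myalias -file reply.pem -keystore keystore.jks
classify_entry() {
    awk '
        /^Entry type:/               { type = $3 }
        /^Certificate chain length:/ { chain = $4 }
        # Only the first Owner/Issuer pair matters: it is the leaf
        # certificate the server presents for this alias.
        /^Owner:/  && owner == ""  { owner = substr($0, 8) }
        /^Issuer:/ && issuer == "" { issuer = substr($0, 9) }
        END {
            if (type == "trustedCertEntry")     print "trust-only"   # no private key here
            else if (type != "PrivateKeyEntry") print "unknown"
            else if (owner == issuer)           print "self-signed"  # CA reply never attached
            else if (chain + 0 < 2)             print "no-chain"     # leaf only, no intermediates
            else                                print "ca-chain"
        }'
}

# Constructed sample: key entry as generated, before any CA reply is imported.
sample_before() { cat <<'EOF'
Alias name: myalias
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=sub.mydomain.com, O=Example, C=US
Issuer: CN=sub.mydomain.com, O=Example, C=US
EOF
}

# Constructed sample: same entry once the CA reply is attached to the key.
sample_after() { cat <<'EOF'
Alias name: myalias
Entry type: PrivateKeyEntry
Certificate chain length: 4
Certificate[1]:
Owner: CN=sub.mydomain.com, O=Example, C=US
Issuer: CN=Intranet Issuing
EOF
}

echo "before import: $(sample_before | classify_entry)"
echo "after import:  $(sample_after | classify_entry)"
```

A certificate that sits in cacerts.jks only as a trusted entry reports `trust-only`, which is why the server keeps presenting the self-signed one from keystore.jks.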
