users@glassfish.java.net

Re: RE: Glassfish SSL setup with cert containing certification path proble

From: <glassfish_at_javadesktop.org>
Date: Tue, 09 Jun 2009 16:51:21 PDT

Derek,

Thank you for the information.

I have separated the class and root certs from the p7b file and loaded the root and intermediate .der files into cacerts.jks.

I also imported the .pem file containing all root and intermediate certs into keystore.jks so I now have 3 entries:

keystore.jks
Alias - Type - Description
domainssl - PrivateKeyEntry - This is the key created and submitted to CA for the certs.
domain.com - trustedCertEntry -This is the .pem loaded with all 3 certs
s1as - PrivateKeyEntry - Key created by Glassfish default.

Question: Do the alias' names need to match (in both keystore.jks for the PrivateKey and .pem import and cacerts.jks) for all of the certs I am importing in the chain?

At this time the alias names do not match. The only alias names that match are the 'domainssl' key in keystore.jks and 'domainssl' TrustedCertEntry in cacerts.jks

Please let me know if I am not clear in my description.

Thank you for your prompt response.

Art

> Hello,
>
> If I read your posting correctly, you state:
> "I am able to successfully load this .pem into my
> cacerts.jks using keytool."
>
> If this is indeed what you have done, that could be
> the problem. You need to load the .pem into
> keytool.jks and then put the class and root certs
> into cacerts.
>
> Hope this helps.
> Derek
>
>
[Message sent by forum member 'artandscience' (artandscience)]

http://forums.java.net/jive/thread.jspa?messageID=350184