Ah, thanks for the reply. Well I am looking more at the admin (to get familiar with it) and now see under configuration/server-config/http/httpListeners/http-listener-2 uses the 8181 protocol. Looking at the SSL tab I see the Certificate Nickname s1as (this is what I changed last time and broke the server!)
Well I also used the 2 commands you suggested;
keytool -export -file wfgfcert.crt -keystore keystore.jks -alias wfgfcert
Enter keystore password:
Certificate stored in file <wfgfcert.crt>
keytool -printcert -file wfgfcert.crt
Owner: CN=my.domain.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=GT06273877, O=my.domain.com, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Serial number: d0b49
Valid from: Tue Sep 22 14:26:12 EDT 2009 until: Sat Sep 24 16:38:06 EDT 2011
Certificate fingerprints:
MD5: D9:26:3A:33:26:63:62:F1:B4:C3:4D:16:8B:2D:11:4C
SHA1: 17:F8:24:21:59:D6:B1:A4:F4:E0:D1:52:B3:D3:D3:10:18:19:DE:66
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
]
#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DA 50 50 FC 5F D6 0E 79 A0 39 D6 36 84 8E A1 3B .PP._..y.9.6...;
0010: 9C 9D 73 66 ..sf
]
]
#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName:
http://crl.geotrust.com/crls/secureca.crl]
]]
#4: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
#5: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
0010: 98 90 9F D4 ....
]
]
So, looking at the above, it seems the cert is correct, I just don't know if it's a simple change in that domain.xml file from s1as to wfgfcert, as I said that is what I did last time and broke the server, but now that I have the forum I am a bit more brave :)
So just let me know what the next step will be to enable gf to use that cert as opposed to the self-signed one and I will be good to go with this!
Thanks
[Message sent by forum member 'xlancealotx' (lraymond_at_weatherflow.com)]
http://forums.java.net/jive/thread.jspa?messageID=365588