users@glassfish.java.net

Re: Add a self-signed certificate to a truststore.

From: Shing Wai Chan <Shing-Wai.Chan_at_Sun.COM>
Date: Mon, 15 Mar 2010 15:33:31 -0700

On 3/15/10 3:27 PM, Erwin Rehme wrote:
> Thanks Shing,
>
> With the help of this web page I was able to get the certificate into
> the db. Instead of using certutil to export the cert from the server,
> I used pk12util. I was then able to import to my client app server db
> using pk12util. This gave me a cert with "u,u,u" trust attributes.
>
> Now my question is how do I get my .asadmintruststore updated with
> this new cert? I tried deleting the .asadmintruststore file and
> running an asadmin command but that only put the app server cert in
> and not the new one.
So, this means your admin listener is using the app server cert rather
than your new cert.
You may configure your listener to use your corresponding certificates
for inbound, as in my previous blog in GlassFish v2:
http://blogs.sun.com/swchan/entry/multiple_private_keys_in_a

Shing Wai Chan
>
> -- Erwin
>
> Shing Wai Chan wrote:
>> You may like to read:
>> http://developers.sun.com/appserver/reference/techart/keymgmt.html
>> Shing Wai Chan
>>
>> On 3/15/10 10:08 AM, Erwin Rehme wrote:
>>> I have some client code running in glassfish that needs to connect to a
>>> server using SSL. I have been given the .rfc file for the self-signed
>>> certificate of the server and I'm trying to add it to my
>>> .asadmintruststore.
>>>
>>> The command:
>>>
>>> certutil -A -n SampleSSLServerCert -t "u,u,u" -d /opt/SUNWappserver/domains/domain1/config/ -i /SampleSSLServerCert.rfc
>>>
>>> adds the cert to the db but when I do:
>>>
>>> certutil -L -d /opt/SUNWappserver/domains/domain1/config
>>>
>>> I get:
>>>
>>> SampleSSLServerCert ,,
>>>
>>> and:
>>>
>>> certutil -V -u V -d /opt/SUNWappserver/domains/domain1/config -n SampleSSLServerCert
>>>
>>> says that the cert is invalid.
>>>
>>> If I use -t "P,P,P", the certificate is valid but when I delete
>>> .asadmintruststore and run:
>>>
>>> asadmin list-jms-hosts
>>>
>>> I get a prompt that asks me if I want to trust the app server
>>> certificate but I don't get a prompt to trust the self-signed
>>> certificate.
>>>
>>> Does the self-signed cert need to be added to the db using -t "u,u,u"
>>> and if so, how do I do that?
>>>
>>> If I can use -t "P,P,P" to get a valid cert into the db, how do I get
>>> that self-signed cert into .asadmintruststore?
>>>
>>> Thanks for your help.
>>>
>>> -- Erwin
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>
>
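
Added example, not part of the thread and not GlassFish or NSS code: a small Python audit over `certutil -L` output that separates real trust grants (`P`, `C`, `T`) from the `u` flag and checks a `-t` argument before it is used. The listing is constructed, the helper names are hypothetical, and the flag meanings and the treatment of `u` as not grantable are assumptions based on the certutil documentation and the output quoted above.

```python
import re

# Flag meanings as summarized from the certutil documentation for this example.
MEANING = {
    "p": "valid peer", "P": "trusted peer", "c": "valid CA",
    "C": "trusted CA for server certs", "T": "trusted CA for client certs",
    "u": "user cert (private key in the db)", "w": "send warning",
}
# Assumption, consistent with the thread's output: 'u' mirrors a stored
# private key, so asking for it with -t grants nothing.
NOT_GRANTABLE = {"u"}

# Constructed listing in `certutil -L` layout (not captured from a real host).
SAMPLE_LISTING = """\
Certificate Nickname                         Trust Attributes
                                             SSL,S/MIME,JAR/XPI

s1as                                         u,u,u
SampleSSLServerCert                          ,,
PinnedPeerCert                               P,P,P
"""

ROW = re.compile(r"^(?P<nick>.*\S)\s+(?P<ssl>[pPcCTuw]*),"
                 r"(?P<mail>[pPcCTuw]*),(?P<sign>[pPcCTuw]*)\s*$")

def parse_listing(text):
    """Map nickname -> (ssl, email, signing) flag strings; headers are skipped."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m["nick"]: (m["ssl"], m["mail"], m["sign"]) for m in rows if m}

def check_trustargs(trustargs):
    """Return problems with a -t argument such as "u,u,u" (empty list if none)."""
    fields = trustargs.split(",")
    if len(fields) != 3:
        return ["expected three fields: SSL,email,signing"]
    problems = []
    for name, flags in zip(("SSL", "email", "signing"), fields):
        problems += [f"{name}: unknown flag {f!r}" for f in flags if f not in MEANING]
        problems += [f"{name}: {f!r} is not a trust grant" for f in flags if f in NOT_GRANTABLE]
    return problems

def ssl_trust(certs, nickname):
    """Classify the SSL field: peer or CA trust, own key only, or none."""
    ssl = certs[nickname][0]
    for flag in "PCT":
        if flag in ssl:
            return MEANING[flag]
    return "own key pair only" if "u" in ssl else "no trust assigned"
```

Feed `parse_listing` the text of `certutil -L -d <config dir>` to review which nicknames in a domain's database carry peer or CA trust for SSL.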