users@glassfish.java.net

Re: Add a self-signed certificate to a truststore.

From: Erwin Rehme <erwin.rehme_at_oracle.com>
Date: Tue, 16 Mar 2010 09:38:06 -0600

Maybe I should restate what I'm trying to do and see if I'm even on the
right track.

I have an application running in glassfish that needs to make http and
https requests to other servers. All I'm trying to do is give my
application certificates so that it can make https requests to other
servers. With the standalone version of glassfish I was able to just
import the remote server's certificate into the cacerts.jks file and the
https requests worked. However, my application will be deployed using
the Enterprise edition so I thought that importing the certificate into
the db should make it available to my application. Is this not the case?

-- Erwin

Shing Wai Chan wrote:
> On 3/15/10 3:27 PM, Erwin Rehme wrote:
>> Thanks Shing,
>>
>> With the help of this web page I was able to get the certificate into
>> the db. Instead of using certutil to export the cert from the server,
>> I used pk12util. I was then able to import to my client app server db
>> using pk12util. This gave me a cert with "u,u,u" trust attributes.
>>
>> Now my question is how do I get my .asadmintruststore updated with
>> this new cert? I tried deleting the .asadmintruststore file and
>> running an asadmin command but that only put the app server cert in
>> and not the new one.
> So, this means your admin listener is using the app server cert rather
> than your new cert.
> You may configure your listener to use your corresponding certificates
> for inbound
> as in my previous blog in GlassFish v2,
> http://blogs.sun.com/swchan/entry/multiple_private_keys_in_a
>
> Shing Wai Chan
>>
>> -- Erwin
>>
>> Shing Wai Chan wrote:
>>> You may like to read:
>>> http://developers.sun.com/appserver/reference/techart/keymgmt.html
>>> Shing Wai Chan
>>>
>>> On 3/15/10 10:08 AM, Erwin Rehme wrote:
>>>> I have some client code running in glassfish that needs to connect
>>>> to a
>>>> server using SSL. I have been given the .rfc file for the self-signed
>>>> certificate of the server and I'm trying to add it to my
>>>> .asadmintruststore.
>>>>
>>>> The command:
>>>>
>>>> certutil -A -n SampleSSLServerCert -t "u,u,u" -d
>>>> /opt/SUNWappserver/domains/domain1/config/ -i /SampleSSLServerCert.rfc
>>>>
>>>> adds the cert to the db but when I do:
>>>>
>>>> certutil -L -d /opt/SUNWappserver/domains/domain1/config
>>>>
>>>> I get:
>>>>
>>>> SampleSSLServerCert ,,
>>>>
>>>> and:
>>>>
>>>> certutil -V -u V -d /opt/SUNWappserver/domains/domain1/config -n
>>>> SampleSSLServerCert
>>>>
>>>> says that the cert is invalid.
>>>>
>>>> If I use -t "P,P,P", the certificate is valid but when I delete
>>>> .asadmintruststore and run:
>>>>
>>>> asadmin list-jms-hosts
>>>>
>>>> I get a prompt that asks me if I want to trust the app server
>>>> certificate but I don't get a prompt to trust the self-signed
>>>> certificate.
>>>>
>>>> Does the self-signed cert need to be added to the db using -t "u,u,u"
>>>> and if so, how do I do that?
>>>>
>>>> If I can use -t "P,P,P" to get a valid cert into the db, how do I get
>>>> that self-signed cert into .asadmintruststore?
>>>>
>>>> Thanks for your help.
>>>>
>>>> -- Erwin
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>
>>>
>>>
>>
>>
>
>
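The underlying goal in this thread is to let an application running in GlassFish make HTTPS requests to a server whose self-signed certificate it has been given. The following is an added example, not code from the thread or from GlassFish: it loads a dedicated JKS truststore into an SSLContext and uses that context for one HttpsURLConnection, so trust in the self-signed certificate is scoped to the application rather than added to the JVM-wide cacerts.jks. The class name, truststore path, password and URL are assumptions; the truststore is assumed to have been created beforehand with keytool -importcert -alias SampleSSLServerCert -file SampleSSLServerCert.rfc -keystore app-truststore.jks.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not from the mailing-list thread): build an SSLContext that
 * trusts only the certificates in an application-specific JKS truststore and
 * use it for a single HTTPS request. Path, password and URL are assumptions.
 */
public class PrivateTruststoreClient {

    /** Load the truststore and wrap it in a TrustManager; no client key is supplied (server authentication only). */
    public static SSLContext contextFromTruststore(String truststorePath, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(truststorePath)) {
            trust.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /**
     * Issue a GET over TLS using the given context and return the HTTP status.
     * The default hostname verifier is deliberately left in place: a trusted
     * self-signed certificate issued for one host must not be accepted for another.
     */
    public static int fetchStatus(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        return conn.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        // Assumed locations; adjust to the domain's config directory in a real deployment.
        SSLContext ctx = contextFromTruststore("/path/to/app-truststore.jks", "changeit".toCharArray());
        System.out.println("HTTP status: " + fetchStatus("https://remote.example/", ctx));
    }
}
```

Because the context is built from its own truststore, a certificate imported here is trusted only by connections that use this SSLContext; other code in the same JVM, including the admin client that reads .asadmintruststore, keeps its own trust decisions. If the truststore does not contain the server's certificate (or a CA that issued it), the handshake fails with an SSLHandshakeException, which is the expected and safe outcome.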