users@glassfish.java.net

Re: Add a self-signed certificate to a truststore.

From: Shing Wai Chan <Shing-Wai.Chan_at_Sun.COM>
Date: Tue, 16 Mar 2010 09:59:26 -0700

On 3/16/10 8:38 AM, Erwin Rehme wrote:
> Maybe I should restate what I'm trying to do and see if I'm even on
> the right track.
>
> I have an application running in glassfish that needs to make http and
> https requests to other servers. All I'm trying to do is give my
> application certificates so that it can make https requests to other
> servers. With the standalone version of glassfish I was able to just
> import the remote server's certificate into the cacerts.jks file and
> the https requests worked. However, my application will be deployed
> using the Enterprise edition so I thought that importing the
> certificate into the db should make it available to my application. Is
> this not the case?
Yes, you just need to import the certificate (without the private key).
Shing Wai Chan
>
> -- Erwin
>
> Shing Wai Chan wrote:
>> On 3/15/10 3:27 PM, Erwin Rehme wrote:
>>> Thanks Shing,
>>>
>>> With the help of this web page I was able to get the certificate
>>> into the db. Instead of using certutil to export the cert from the
>>> server, I used pk12util. I was then able to import to my client app
>>> server db using pk12util. This gave me a cert with "u,u,u" trust
>>> attributes.
>>>
>>> Now my question is how do I get my .asadmintruststore updated with
>>> this new cert? I tried deleting the .asadmintruststore file and
>>> running an asadmin command but that only put the app server cert in
>>> and not the new one.
>> So, this means your admin listener is using the app server cert
>> rather than your new cert.
>> You may configure your listener to use your corresponding certificates
>> for inbound as in my previous blog in GlassFish v2,
>> http://blogs.sun.com/swchan/entry/multiple_private_keys_in_a
>>
>> Shing Wai Chan
>>>
>>> -- Erwin
>>>
>>> Shing Wai Chan wrote:
>>>> You may like to read:
>>>>
>>>> http://developers.sun.com/appserver/reference/techart/keymgmt.html
>>>> Shing Wai Chan
>>>>
>>>> On 3/15/10 10:08 AM, Erwin Rehme wrote:
>>>>> I have some client code running in glassfish that needs to connect
>>>>> to a server using SSL. I have been given the .rfc file for the self-signed
>>>>> certificate of the server and I'm trying to add it to my
>>>>> .asadmintruststore.
>>>>>
>>>>> The command:
>>>>>
>>>>> certutil -A -n SampleSSLServerCert -t "u,u,u" -d
>>>>> /opt/SUNWappserver/domains/domain1/config/ -i
>>>>> /SampleSSLServerCert.rfc
>>>>>
>>>>> adds the cert to the db but when I do:
>>>>>
>>>>> certutil -L -d /opt/SUNWappserver/domains/domain1/config
>>>>>
>>>>> I get:
>>>>>
>>>>> SampleSSLServerCert ,,
>>>>>
>>>>> and:
>>>>>
>>>>> certutil -V -u V -d /opt/SUNWappserver/domains/domain1/config -n
>>>>> SampleSSLServerCert
>>>>>
>>>>> says that the cert is invalid.
>>>>>
>>>>> If I use -t "P,P,P", the certificate is valid but when I delete
>>>>> .asadmintruststore and run:
>>>>>
>>>>> asadmin list-jms-hosts
>>>>>
>>>>> I get a prompt that asks me if I want to trust the app server
>>>>> certificate but I don't get a prompt to trust the self-signed
>>>>> certificate.
>>>>>
>>>>> Does the self-signed cert need to be added to the db using -t "u,u,u"
>>>>> and if so, how do I do that?
>>>>>
>>>>> If I can use -t "P,P,P" to get a valid cert into the db, how do I get
>>>>> that self-signed cert into .asadmintruststore?
>>>>>
>>>>> Thanks for your help.
>>>>>
>>>>> -- Erwin
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>>>>
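The thread turns on NSS trust attributes: a peer certificate imported with `-t "u,u,u"` but no private key shows up as `,,` and fails `certutil -V`, while `P` (trusted peer) or `C`/`T` (trusted CA) is what actually makes it a TLS trust anchor. The following Python script is an added illustration, not code from this thread or from GlassFish: it parses a `certutil -L` style listing (the sample listing and the nicknames `my-app-server-cert`, `SampleSSLServerCert` and `partner-root-ca` are constructed) and reports which entries grant no SSL trust, so an administrator can spot a mis-imported certificate before the application's HTTPS calls start failing.

```python
"""Audit an NSS certificate database listing for TLS trust problems.

Added example for the certutil/asadmin discussion; not code from the mailing
list or from GlassFish. SAMPLE_LISTING is constructed to resemble the output
of `certutil -L -d <dbdir>`; nothing here opens a real database.
"""
import re

# NSS trust flag meanings. The -t string has three comma-separated columns:
# SSL, S/MIME (email) and object signing. The flags below are the documented
# certutil trust characters.
TRUST_FLAGS = {
    "p": "valid peer",
    "P": "trusted peer (accept this exact certificate)",
    "c": "valid CA",
    "C": "trusted CA for issuing server certificates",
    "T": "trusted CA for issuing client certificates",
    "u": "user certificate (private key present in the database)",
    "w": "send warning",
}

# Constructed listing: a server identity with its key ("u,u,u"), the remote
# cert from the thread after a "u,u,u" import without a key (shows ",,"),
# and a CA imported as a trusted issuer ("CT,,").
SAMPLE_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

my-app-server-cert                                           u,u,u
SampleSSLServerCert                                          ,,
partner-root-ca                                              CT,,
"""

USE_NAMES = ("ssl", "email", "objsign")


def decode_trust(trust):
    """Expand a trust string such as 'P,,' into per-use flag descriptions."""
    columns = (trust.split(",") + ["", "", ""])[:3]
    return {
        use: [TRUST_FLAGS.get(ch, f"unknown({ch})") for ch in flags]
        for use, flags in zip(USE_NAMES, columns)
    }


def ssl_trust_status(trust):
    """Classify what the SSL column of a trust string lets NSS do with a cert."""
    ssl_flags = trust.split(",")[0]
    if "u" in ssl_flags:
        return "own-identity"   # our own cert; the private key is in the db
    if "C" in ssl_flags or "T" in ssl_flags:
        return "trusted-ca"     # anchors chains issued by this CA
    if "P" in ssl_flags:
        return "trusted-peer"   # exactly this certificate is trusted
    return "untrusted"          # ',,' or only lowercase validity flags


def parse_certutil_listing(text):
    """Parse certutil -L output into (nickname, trust_string) pairs."""
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if (not stripped or stripped.startswith("Certificate Nickname")
                or stripped.startswith("SSL,")):
            continue   # header and blank lines
        # Nickname, whitespace, then three comma-separated flag columns.
        m = re.match(r"^(.*?)\s+([pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*)$", line)
        if m:
            entries.append((m.group(1).strip(), m.group(2)))
    return entries


def recommend_trust(role):
    """certutil -t value for a cert that carries no private key (SSL use only)."""
    return {"peer": "P,,", "ca": "C,,"}[role]


def audit_listing(text):
    """Return entries whose SSL column grants no trust at all."""
    return [(nick, trust) for nick, trust in parse_certutil_listing(text)
            if ssl_trust_status(trust) == "untrusted"]


if __name__ == "__main__":
    for nick, trust in parse_certutil_listing(SAMPLE_LISTING):
        print(f"{nick:24} {trust:8} -> {ssl_trust_status(trust)}")
    for nick, trust in audit_listing(SAMPLE_LISTING):
        print(f"{nick}: no SSL trust; re-import with certutil -A -t "
              f"{recommend_trust('peer')!r} for a server certificate or "
              f"{recommend_trust('ca')!r} for a CA certificate")
```

After re-importing with `P,,` (or `C,,` for a CA), the `certutil -V -u V` check from the thread should report the certificate as valid. Note that the NSS database and `.asadmintruststore` are separate stores: `.asadmintruststore` is a Java keystore that `asadmin` only populates with the certificate of the server it connects to, so a certificate needed by Java client code in the application goes into the JKS truststore that client uses, for example with `keytool -importcert`.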