#4 Submit the CSR to a CA such as VeriSign. In response, you should receive a signed server certificate. Make sure to import into your browser the CA certificate of the CA and any intermediate certificates indicated by the CA in the reply.
BTW: the prefix of the cert must match the FQ hostname where the certificate is located
its important you NOT skip any of these directions
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
> Date: Fri, 16 Jul 2010 02:41:07 -0700
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Keytool import error
>
> Good Day,
>
> I have installed the following version of GlassFish Application Server,
>
> # ./asadmin version
> Version = Sun GlassFish Enterprise Server v2.1.1
>
> I followed the below steps to install a certificate signed by a CA,
>
> 1. Deleted the existing certificate using the following command,
> keytool -delete -alias s1as -keystore keystore.jks -storepass <store_passwd>
>
> 2. Then generated the key pair
> keytool -genkeypair -keyalg RSA -keystore keystore.jks -validity <val_days> -alias s1as
>
> 3. Then created a certificate request for getting it signed by CA
> keytool -certreq -alias s1as -file <certreq_file> -keystore keystore.jks -storepass <store_passwd>
>
> 4. Then importing the signed certificate
> keytool -import -v -alias s1as -file s1as.cert -keystore keystore.jks -storepass <store_passwd>
>
> The above steps where given by CA using the the url, http://blogs.sun.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2.
>
> When trying to import the certificate I get the following error,
>
> # keytool -import -v -alias s1as -file s1as.cert -keystore keystore.jks -storepass <store_passwd>
>
> keytool error: java.lang.Exception: Failed to establish chain from reply
> java.lang.Exception: Failed to establish chain from reply
> at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2662)
> at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
> at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
> at sun.security.tools.KeyTool.run(KeyTool.java:172)
> at sun.security.tools.KeyTool.main(KeyTool.java:166)
>
> It would be really nice if someone could help me out here and few forums suggest to convert the format of the certificate file to pkcs#7 format, but I dont find the exact commands to do it. I used the tool suggested in the below url, but didnt help.
>
> https://www.sslshopper.com/ssl-converter.html.
>
> It would be really nice if someone could help since I have been stuck with the issue for almost 4 weeks.
>
> Thanks in Advance.
> [Message sent by forum member 'soma2810']
>
> http://forums.java.net/jive/thread.jspa?messageID=477794
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
_________________________________________________________________
Hotmail is redefining busy with tools for the New Busy. Get more from your inbox.
http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2