So I did a quick test with a JSP receiding within the docroot of the
'DAS'; the code just opens a URLconnection to a URL with scheme 'https'.
1) Accessing the JSP results in PKIX Exception (as expected) because I
did not insert the Cert of the CA used to sing the server's cert into
the truststore.
2) I retrieved the 'siging cert' and imported it into
'<domain-dir>/config/cacerts.jks' as this is default-JSSE-truststore
used by 'DAS'
3) restarted the 'DAS'
4) Access the JSP again .... works like a charm.
-Bernhard
On 11/30/2011 05:16 PM, forums_at_java.net wrote:
> Hi,
>
> Now it partially works....
> I modified javax.net.ssl.truststore and keystore to point to
> *jre/lib/security/cacerts* and it worked (btw, why isn't it enough to
> modify
> the truststore??).
> I was able to authenticate with LDAPs.
> *But*, now I get the following error upon deployment of other wars
> (actually,
> osgi WABs):
> "Key alias s1as not found in keystore" (full log attached)
> which make sense because I overrided GF keystore which contains the s1as
> alias
>
> 1. Why simply adding my certificate using "keytool -import" into
> domain/config/cacerts.jks doens't work??? ahhh
> 2. Can I define GF to add more keystores so that I won't have to override
> its own keystore, just add another one maybe?
> Thanks!
>
>
>
> --
>
> [Message sent by forum member 'Karo']
>
> View Post: http://forums.java.net/node/869156
>
>
>
--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699
bernhard.thalmayr_at_painstakingminds.com - Solution Architect
This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.