users@glassfish.java.net

Re: SSL on Glassfish - having trouble setting it up

From: <forums_at_java.net>
Date: Sat, 11 Feb 2012 10:46:27 -0600 (CST)

Hi,

I don't know about "Apex Listener", but we just configured SSL on GF, using
the out-of-box listener-2, listening on port 8181.

At first, I wanted to use my own keystore name instead of the default
keystore.jks, and also wanted to use my own alias instead of 's1as', and also
our own keystore and alias passwords.

However, when I tried (several times), and failed, I kind of gave up on that
approach, because the keystore name, alias, and passwords are in several
different places (domain.xml and either command line params or JVM
properties).

So, what I ended up doing was:

- Use default keystore names (keystore.jks and cacerts.jks)

- Use default keystore passwords and key password

- Add my CA cert to cacerts.jks using keytool

- Delete the original keystore.jks

- Create a CSR and new keystore named keystore.jks, with same as default
password, and with alias 's1as'

- Submit the CSR to CA, and get back cert file

- Import the new cert into my new keystore.jks

And then everything worked.

Obviously, the downside, as is noted by various webpages, is that the
keystore and alias are still the original default, but I tried, several
times, to use my own, and it was not successful.

Jim

P.S.  Re. listeners and ports:  I think the answer is 'yes', each
listener has to be on a different port from other listeners, e.g., listener-1
for non-SSL on port 8080, and listener-2 on port 8181 for SSL.

 


--
[Message sent by forum member 'jimcpl']
View Post: http://forums.java.net/node/883445
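
The steps listed in the post, written out as keytool calls; this is an added example, not part of the original message. The CA alias `myca`, the subject DN argument and the extra import of the CA certificate into keystore.jks are assumptions made here; the password is read from the STOREPASS environment variable so it stays out of the process arguments.

```shell
#!/bin/sh
# Added example. Run the functions from the domain's config directory with
# STOREPASS exported (the post kept the default keystore password). The key
# password is set to the same value as the store password, as in the post.
# CA_ALIAS is an assumed name, not a value from the post.
CA_ALIAS=${CA_ALIAS:-myca}

# Add the CA certificate to the truststore (cacerts.jks).
trust_ca() {   # $1 = CA certificate file
    keytool -importcert -noprompt -alias "$CA_ALIAS" -file "$1" \
        -keystore cacerts.jks -storepass:env STOREPASS
}

# Move the shipped keystore aside (the post deletes it), then create a new
# keystore.jks with a key pair under alias s1as and write a CSR for it.
new_key_and_csr() {   # $1 = subject DN, $2 = CSR output file
    [ ! -f keystore.jks ] || mv keystore.jks keystore.jks.orig
    keytool -genkeypair -alias s1as -keyalg RSA -keysize 2048 -dname "$1" \
        -keystore keystore.jks -storetype JKS \
        -storepass:env STOREPASS -keypass:env STOREPASS &&
    keytool -certreq -alias s1as -file "$2" \
        -keystore keystore.jks -storepass:env STOREPASS
}

# Import the CA's reply over the self-signed certificate of s1as. keytool has
# to link the reply to a certificate it trusts, so the CA certificate goes
# into keystore.jks first (a step added here, not listed in the post).
import_reply() {   # $1 = CA certificate file, $2 = signed certificate file
    keytool -importcert -noprompt -alias "$CA_ALIAS" -file "$1" \
        -keystore keystore.jks -storepass:env STOREPASS &&
    keytool -importcert -noprompt -alias s1as -file "$2" \
        -keystore keystore.jks -storepass:env STOREPASS
}

# Check: s1as must still be a private-key entry after the import; a
# trusted-cert entry here means the reply was imported without the key.
check_s1as() {
    keytool -list -alias s1as -keystore keystore.jks \
        -storepass:env STOREPASS | grep -q PrivateKeyEntry
}
```

Call order: `trust_ca`, `new_key_and_csr`, send the CSR to the CA, then `import_reply` and `check_s1as`.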