users@glassfish.java.net

[gf-users] Re: Updated SSL certificate but browser still shows as invalid

From: <forums_at_java.net>
Date: Sat, 19 Jul 2014 14:55:35 -0500 (CDT)

Thanks for the hint. I just tried to add gd_bundle.crt to cacerts.jks as well
and retried, but to no avail. To recap, here is what I did:

cd /opt/glassfish3/glassfish/domains/domain1/config

# Backup keystores
cp keystore.jks keystore.jks.bak
cp cacerts.jks cacerts.jks.bak

# Stop glassfish
sudo /etc/init.d/glassfish stop

# Delete the old cert from the keystore
keytool -delete -alias app -keystore keystore.jks -storepass changeit

# Add new cert to keystore
keytool -import -alias app -keystore keystore.jks -trustcacerts -file 717......8c4.crt

# Delete root cert from keystore
keytool -delete -alias root -keystore keystore.jks -storepass changeit

# Add new root cert to keystore
keytool -import -v -alias root -keystore keystore.jks -trustcacerts -file gd_bundle.crt

# Delete Go Daddy entry from cacerts and import new one
keytool -delete -alias godaddyclass2ca -keystore cacerts.jks
keytool -import -alias godaddyclass2ca -keystore cacerts.jks -trustcacerts -file gd_bundle.crt

# Start glassfish
sudo /etc/init.d/glassfish start

# Test
openssl s_client -msg -connect mydomain.com:8181 -state

Result:

CONNECTED(00000003)
SSL_connect:before/connect initialization
>>> TLS 1.0 Handshake [length 006c], ClientHello
    01 00 00 68 03 01 53 ca cc 84 6f bc c2 f4 81 fa
    snip
    03 00 ff 02 01 00 00 04 00 23 00 00
SSL_connect:SSLv2/v3 write client hello A
139675755902792:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

--
[Message sent by forum member 'TenG_uk']
View Post: http://forums.java.net/node/903942
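
A check for the keystore after the steps recapped above, as an added example that is not part of the original post: `keytool -delete` removes the whole entry stored under an alias, private key included, and `keytool -import` of a certificate under an alias that no longer exists creates a `trustedCertEntry`, whereas a TLS listener needs a `PrivateKeyEntry`. The function names and the two sample `keytool -list` listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample listings are constructed.

# entry_type LISTING ALIAS: print the entry type that `keytool -list` reports
# for ALIAS, or "missing". Entry lines look like:
#   app, Jul 19, 2014, PrivateKeyEntry,
entry_type() {
    printf '%s\n' "$1" | awk -F', *' -v a="$2" '
        $1 == a && /Entry, *$/ { print $(NF-1); found = 1; exit }
        END { if (!found) print "missing" }'
}

# check_server_alias LISTING ALIAS: succeed only if ALIAS can serve TLS,
# i.e. it holds a private key together with its certificate chain.
check_server_alias() {
    t=$(entry_type "$1" "$2")
    case "$t" in
        PrivateKeyEntry)
            echo "OK: '$2' holds a private key plus certificate chain" ;;
        trustedCertEntry)
            echo "FAIL: '$2' is certificate-only; no private key under this alias"
            return 1 ;;
        *)
            echo "FAIL: '$2' not found in keystore"
            return 1 ;;
    esac
}

# Constructed listing: alias "app" still carries its key pair.
SAMPLE_KEYPAIR='Keystore type: JKS
Your keystore contains 2 entries

root, Jul 19, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33 (constructed)
app, Jul 19, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 44:55:66:77 (constructed)'

# Constructed listing: "app" after a delete followed by a plain certificate import.
SAMPLE_CERT_ONLY='Keystore type: JKS
Your keystore contains 2 entries

root, Jul 19, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33 (constructed)
app, Jul 19, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 44:55:66:77 (constructed)'

check_server_alias "$SAMPLE_KEYPAIR" app || true
check_server_alias "$SAMPLE_CERT_ONLY" app || true
# Live: check_server_alias "$(keytool -list -keystore keystore.jks -storepass changeit)" app
```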