I've been trying to get my GlassFish server to use SSL, so I tried using the self-signed certificate from the keystore.jks that was generated for me. This posed no issues: I popped it on http listener2, selected SSL, popped my cert name into the Certificate NickName field, and all was good. The whole site works for https.
However, now that we are taking it live, I went and purchased a real certificate from GeoTrust. They provided it to me in PKCS7 format, which obviously needed to be converted to X.509 to use in Java's keytool, so I did the following:
openssl pkcs7 -print_certs -in ssl_certificate.p7b -out ssl_certificate_new.cer
Bingo, key in correct X.509 format.
Import the key:
keytool -import -trustcacerts -alias server_key -file ssl_certificate_new.cer -keystore keystore.jks -v
Imported fine.
keytool -list -keystore keystore.jks
server_key, Feb 28, 2015, trustedCertEntry, Certificate fingerprint (SHA1): 30:56:B3:43:48:5B:9D:55:F3:E2:B1:77:A8:95:BB:04:63:EE:3E:FD
glassfish-instance, Aug 21, 2014, PrivateKeyEntry, Certificate fingerprint (SHA1): BA:C3:47:F6:82:0F:72:3B:8F:EE:26:14:81:D2:C6:32:4C:1C:AA:B3
s1as, Aug 21, 2014, PrivateKeyEntry, Certificate fingerprint (SHA1): 1F:F8:EF:F1:B1:7D:C7:44:19:1E:21:3A:31:02:9A:A7:59:82:A6:3C
All looks good, but when I change the Certificate NickName in the listener2 SSL properties to server_key I get the message: web page not available. Change it back to s1as and it all works again. What have I done wrong?
The only obvious difference to me is that s1as is a PrivateKeyEntry whereas server_key is a trustedCertEntry.
Can anyone shed some light on this issue for me please?
Damien
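An added example, not part of the original post: a preflight check that parses keytool -list output like the listing above and reports whether an alias can serve as a listener's certificate nickname. It assumes a TLS listener needs an entry that holds a private key (a PrivateKeyEntry), whereas a trustedCertEntry holds only a certificate; the function names are hypothetical.

```python
import re

# keytool -list output copied from the post above, one entry per two lines.
LISTING = """\
server_key, Feb 28, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): 30:56:B3:43:48:5B:9D:55:F3:E2:B1:77:A8:95:BB:04:63:EE:3E:FD
glassfish-instance, Aug 21, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): BA:C3:47:F6:82:0F:72:3B:8F:EE:26:14:81:D2:C6:32:4C:1C:AA:B3
s1as, Aug 21, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 1F:F8:EF:F1:B1:7D:C7:44:19:1E:21:3A:31:02:9A:A7:59:82:A6:3C
"""

# alias, date, entry type, fingerprint. Whitespace between fields may be a
# space or a newline, so pasted output flattened onto one line still parses.
ENTRY_RE = re.compile(
    r"(?P<alias>[^,\s][^,\n]*),\s*"
    r"(?P<date>.+?),\s*"
    r"(?P<type>\w+Entry),\s*"
    r"Certificate fingerprint \((?P<alg>[^)]+)\):\s*"
    r"(?P<fp>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)"
)


def parse_keytool_list(text):
    """Return {alias: {"type": ..., "alg": ..., "fingerprint": ...}} in listing order."""
    entries = {}
    for m in ENTRY_RE.finditer(text):
        entries[m["alias"].strip()] = {
            "type": m["type"],
            "alg": m["alg"],
            "fingerprint": m["fp"].upper(),
        }
    return entries


def check_nickname(entries, alias):
    """Return (ok, reason): ok is True only if the alias holds a private key."""
    entry = entries.get(alias)
    if entry is None:
        return False, f"alias {alias!r} is not in the keystore"
    if entry["type"] != "PrivateKeyEntry":
        return False, f"alias {alias!r} is a {entry['type']}: certificate only, no private key"
    return True, f"alias {alias!r} is a PrivateKeyEntry"


if __name__ == "__main__":
    parsed = parse_keytool_list(LISTING)
    for name in parsed:
        print(check_nickname(parsed, name))
```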