
Sunday, October 28, 2007

HTTPS configuration in JBoss/Tomcat

1. Create the keystore using keytool. This generates the private key and the public key.
2. Copy the private key. Get the security certificates from a commercial SSL certificate provider (such as VeriSign Inc.).
3. Import the certificates provided by the commercial vendor, following this sequence: the site-specific certificate, the domain-specific certificate, and then the root certificate. WHILE IMPORTING THE ROOT CERTIFICATE, use the option to override the public key that was generated while creating the keystore; otherwise it won't work. We had a hard time with this problem and wasted almost 3/4 days.

-------------Sample Certification from Verisign------------

keytool -import -alias intermediateCA -keystore test.keystore -trustcacerts -file intermediateCA.cer

Enter keystore password: foobar

Owner: CN=VeriSign Trial Secure Server Test CA,
OU=Terms of use at https://www.verisign.com/cps/testca (c)05,
OU="For Test Purposes Only. No assurances.",
O="VeriSign, Inc.",
C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.",
C=US
Serial number: 63b1a5cdc59f78801da0636cf975467b
Valid from: Tue Feb 08 19:00:00 EST 2005
until: Sun Feb 08 18:59:59 EST 2015
Certificate fingerprints:
MD5: 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
SHA1: D0:A5:BB:56:9E:CE:BE:B3:65:14:00:DE:BF:24:8B:A4:86:8C:7B:D8
Trust this certificate? [no]: yes
Certificate was added to keystore

keytool -import -alias test -keystore test.keystore -trustcacerts -file Cert.cer
Enter keystore password: foobar

keytool error: java.lang.Exception: Failed to establish chain from reply
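keytool reports "Failed to establish chain from reply" when it cannot link the certificate reply, issuer by issuer, to a self-signed root among the certificates available to it. The following is an added example, not part of the original post: it parses Owner/Issuer lines in the form keytool prints them and shows where the chain stops. The sample text, the site certificate DN and the function names are constructed for illustration, and matching is by DN only (keytool also verifies signatures).

```python
import re

# Constructed sample in the shape of `keytool -list -v` output: the
# intermediate CA from the post (DN shortened) plus a hypothetical site cert.
SAMPLE = """\
Alias name: intermediateca
Owner: CN=VeriSign Trial Secure Server Test CA, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, O="VeriSign, Inc.", C=US
Alias name: test
Owner: CN=www.example.test, O=Example, C=US
Issuer: CN=VeriSign Trial Secure Server Test CA, O="VeriSign, Inc.", C=US
"""

def parse_certs(text):
    """Return {owner DN: issuer DN} for every Owner/Issuer pair in the text."""
    owners = re.findall(r"^Owner: (.+)$", text, re.M)
    issuers = re.findall(r"^Issuer: (.+)$", text, re.M)
    return {o.strip(): i.strip() for o, i in zip(owners, issuers)}

def build_chain(leaf, certs):
    """Follow issuer links upward from `leaf`.

    Returns (chain, missing): `missing` is None when a self-signed root was
    reached, otherwise the DN at which the walk stopped (no certificate for
    it is available, or the issuer links form a loop).
    """
    chain, current = [], leaf
    while current in certs and current not in chain:
        chain.append(current)
        issuer = certs[current]
        if issuer == current:      # self-signed root: chain is complete
            return chain, None
        current = issuer
    return chain, current

if __name__ == "__main__":
    certs = parse_certs(SAMPLE)
    chain, missing = build_chain("CN=www.example.test, O=Example, C=US", certs)
    for dn in chain:
        print("found  :", dn)
    if missing:
        print("missing:", missing)  # this certificate must be imported first
    else:
        print("chain complete")
```

With the constructed sample the walk finds the site certificate and the intermediate CA, then stops at the Test Root CA, which is not present in the keystore listing.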
