Keytool SSL JBoss/Tomcat
843811 Oct 26 2009 — edited Oct 27 2009
Okay, I seem to have a problem setting up SSL on a JBoss with internal Tomcat. The problem seems to be with using keytool and importing the certificates from a trusted CA. Or well... the problem is I probably don't know how to do it.
Scenario:
Use SSL on tomcat/JBoss using a trusted certificate cacert.
1. We create a keystore.
keytool -genkey -alias stuff -keyalg "RSA" -keystore server.keystore -storepass ourpass -validity 3650
2. We generate a csr to send to the ca.
keytool -certreq -keystore server.keystore -alias stuff -file our.server.com.csr
3. We send the file our.server.com.csr to the CA and receive back 2 files:
cert-blablabla.pem
chain-blablabla.pem
4. Now what?
We import the cert file into our keystore.
keytool -import -alias root -keystore server.keystore -trustcacerts -file cert-blablabla.pem
(tried using alias "stuff" on the import, but it says something like "could not create any chain from the answer")
5. We use the server.keystore on the server. Using https:// it still says the certificate is not valid.
So the questions are:
* What do we use the chain- file for?
* How do we really import the certificate to make it work?
Using keytool -list -keystore server.keystore -file server.keystore it says there is:
1 PrivateKeyEntry for our "stuff" alias
1 TrustedCertEntry for the "root" alias
Even if we do not import the cert, and simply only leave the private key entry in it and put it on the server, it works exactly similar to what it would if we do put the cert in it...