Problem with GoDaddy certificate for java SSL
843811 Sep 27 2009 — edited Oct 1 2009
Hi,
I have been using the same certificate for Apache and java SSL for some time now. In the past, I would use openssl to generate the private key and CSR. Then I would use the key and cert in pem format for Apache, and transfer them to a keystore for java, as follows:
First use openssl to convert the key to pkcs8
openssl pkcs8 -nocrypt -topk8 -in server.key -out server8.key
Then use pkeytool to make the keystore containing both key and cert:
sh pkeytool -importkey -keyfile server8.key -certfile server.crt -keystore SSLKeys -storepass sarahbear1 -keypass sarahbear1 -alias SSLKeys
I could then use the keystore to set up the secure server socket:
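import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

javax.net.ServerSocketFactory ssf = null;
try {
    SSLContext ctx = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    // Load the JKS keystore that holds the server key and certificate
    java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
    ks.load(new java.io.FileInputStream("//home//mfleming//creds//SSLKeys"), "XXXXXX".toCharArray());
    kmf.init(ks, "XXXXXX".toCharArray());
    // null, null = default trust managers and default SecureRandom
    ctx.init(kmf.getKeyManagers(), null, null);
    ssf = ctx.getServerSocketFactory();
} catch (Exception e) {
    // The posted excerpt ended at the try block; a catch is required to compile
    e.printStackTrace();
}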
The secure server socket accepts connections from an applet.
This all worked before with certs from Thawte, etc. But it is not working with a cert from GoDaddy. I get a javax.net.ssl.SSLHandshakeException. I think the problem is that I need to import a chain of intermediate certs somehow. GoDaddy supplied an "intermediate bundle" file that I used as the SSLCertificateChainFile with Apache, and Apache then worked fine. So evidently I have to do something similar for my keystore, but I don't know how.
I tried following the instructions given here: http://coreygilmore.com/blog/2009/06/02/install-a-go-daddy-ssl-certificate-for-use-with-jboss-or-the-bes-5-bas/
for installing intermediate and root certs, but it didn't work.
I'd really appreciate any suggestions.
Matthew Fleming
mfleming@mcw.edu
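
The missing-intermediate situation described in the post can be reproduced offline with openssl. This is an added example, not part of the original post: it builds a constructed root, intermediate and leaf, shows that the leaf verifies only when the intermediate is supplied, and packages key, leaf and intermediate as a single PKCS#12 key entry. The CNs, the `changeit` password and the file names are assumptions; only the `SSLKeys` alias is taken from the post.

```shell
#!/bin/sh
# Constructed throwaway PKI (root -> intermediate -> leaf). CNs, password and
# file names are placeholders for this demo; only the alias is from the post.
set -eu
WORK=$(mktemp -d)
PASS=changeit

gen_key_csr() {  # $1 = file basename, $2 = subject CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

build_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
    # The intermediate must be marked as a CA or path validation rejects it.
    printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"
    gen_key_csr int "Demo Intermediate CA"
    openssl x509 -req -in "$WORK/int.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
        -set_serial 2 -days 1 -extfile "$WORK/ca.ext" -out "$WORK/int.crt" 2>/dev/null
    gen_key_csr server "server.example.test"
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/int.crt" -CAkey "$WORK/int.key" \
        -set_serial 3 -days 1 -out "$WORK/server.crt" 2>/dev/null
}

# A client that trusts only the root, given the leaf certificate alone.
verify_leaf_only() {
    openssl verify -CAfile "$WORK/root.crt" "$WORK/server.crt" >/dev/null 2>&1
}

# The same client when the intermediate is supplied alongside the leaf.
verify_with_intermediate() {
    openssl verify -CAfile "$WORK/root.crt" -untrusted "$WORK/int.crt" \
        "$WORK/server.crt" >/dev/null 2>&1
}

# Package key + leaf + intermediate as one PKCS#12 key entry; print cert count.
build_p12_and_count_certs() {
    openssl pkcs12 -export -inkey "$WORK/server.key" -in "$WORK/server.crt" \
        -certfile "$WORK/int.crt" -name SSLKeys -passout "pass:$PASS" \
        -out "$WORK/SSLKeys.p12"
    openssl pkcs12 -in "$WORK/SSLKeys.p12" -passin "pass:$PASS" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

build_pki
if verify_leaf_only; then echo "leaf alone: ok"; else echo "leaf alone: chain incomplete"; fi
if verify_with_intermediate; then echo "leaf + intermediate: ok"; else echo "leaf + intermediate: FAILED"; fi
echo "certificates in SSLKeys.p12: $(build_p12_and_count_certs)"
```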