Problem with GoDaddy certificate for java SSL

843811 Sep 27 2009 — edited Oct 1 2009

Hi,

I have been using the same certificate for Apache and Java SSL for some time now. In the past, I would use openssl to generate the private key and CSR. Then I would use the key and cert in PEM format for Apache, and transfer them to a keystore for Java, as follows:

First use openssl to convert the key to pkcs8:
openssl pkcs8 -nocrypt -topk8 -in server.key -out server8.key

Then use pkeytool to make the keystore containing both key and cert:
sh pkeytool -importkey -keyfile server8.key -certfile server.crt -keystore SSLKeys -storepass sarahbear1 -keypass sarahbear1 -alias SSLKeys

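I could then use the keystore to set up the secure server socket:

    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;

    javax.net.ServerSocketFactory ssf = null;
    try {
        SSLContext ctx = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        // Load the JKS keystore that holds the server key and certificate
        java.security.KeyStore ks = java.security.KeyStore.getInstance("JKS");
        ks.load(new java.io.FileInputStream("//home//mfleming//creds//SSLKeys"), "XXXXXX".toCharArray());
        kmf.init(ks, "XXXXXX".toCharArray());
        // null trust managers and null SecureRandom select the JVM defaults
        ctx.init(kmf.getKeyManagers(), null, null);
        ssf = ctx.getServerSocketFactory();
    } catch (Exception e) {
        // Keystore loading or context setup failed; ssf stays null
        e.printStackTrace();
    }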

The secure server socket accepts connections from an applet.

This all worked before with certs from Thawte, etc. But it is not working with a cert from GoDaddy. I get a javax.net.ssl.SSLHandshakeException. I think the problem is that I need to import a chain of intermediate certs somehow. GoDaddy supplied an "intermediate bundle" file that I used as the SSLCertificateChainFile with Apache, and Apache then worked fine. So evidently I have to do something similar for my keystore, but I don't know how.

I tried following the instructions given here: http://coreygilmore.com/blog/2009/06/02/install-a-go-daddy-ssl-certificate-for-use-with-jboss-or-the-bes-5-bas/ for installing intermediate and root certs, but it didn't work.

I'd really appreciate any suggestions.

Matthew Fleming
mfleming@mcw.edu
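
A diagnostic for the situation described in the post, added here as an example and not part of the original post: it prints the certificate chain stored with a key entry in a JKS keystore, which is the chain a JSSE server built from that keystore presents to clients. The class name ChainCheck and its two command-line arguments are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class, not from the post).
public class ChainCheck {
    // A certificate is self-signed if its own public key verifies its signature.
    static boolean isSelfSigned(X509Certificate c) {
        try { c.verify(c.getPublicKey()); return true; }
        catch (Exception e) { return false; }
    }

    // Counts consecutive links, from the server certificate upward, whose
    // signature verifies against the next certificate in the stored chain.
    static int verifiedLinks(Certificate[] chain) {
        int ok = 0;
        for (int i = 0; i + 1 < chain.length; i++) {
            try { chain[i].verify(chain[i + 1].getPublicKey()); ok++; }
            catch (Exception e) { break; }
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (interactive): java ChainCheck <keystore> <alias>");
            return;
        }
        // Read the password from the console so it does not appear in argv.
        char[] pw = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        Certificate[] chain = ks.getCertificateChain(args[1]);
        if (chain == null) {
            System.out.println("No certificate chain stored under alias " + args[1]);
            return;
        }
        for (Certificate c : chain) {
            X509Certificate x = (X509Certificate) c;
            System.out.println("subject: " + x.getSubjectX500Principal());
            System.out.println("  issuer: " + x.getIssuerX500Principal());
        }
        X509Certificate last = (X509Certificate) chain[chain.length - 1];
        System.out.println("length " + chain.length + ", verified links " + verifiedLinks(chain));
        System.out.println(isSelfSigned(last) ? "chain ends at a self-signed root"
                : "chain stops below issuer " + last.getIssuerX500Principal());
    }
}
```

If the output shows a single certificate whose issuer is an intermediate CA, clients that do not already trust that intermediate cannot build a path to a root from what the server sends.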