
SSL Configuration Problem

@Gloria169

Posted in: #Godaddy #Https #Java #SecurityCertificate

I've generated an SSL certificate with keytool:

keytool -keystore keystore -alias mySite -genkey -keyalg RSA -keysize 2048


I got this configured and working fine, but obviously it wasn't signed by a trusted CA, so I generated a CSR:

keytool -certreq -alias mySite -keystore keystore -file mySite.csr


GoDaddy gave me two certificates back, which I imported into my keystore:

keytool -keystore keystore -import -alias mySite.com -file mySite.com.crt
keytool -keystore keystore -import -alias gd_bundle -file gd_bundle.crt


I thought this would be sufficient, but I am still getting an untrusted certificate warning when I hit my app through the browser. Am I missing a step? My app is running on Jetty, and the only configuration I've provided is the keystore and the key-password.

I am getting the following exception:

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

@Steve110

Not sure I'm following what all was done differently. Was the key difference that you used openssl instead of keytool to request the certificate? What was used to do the import? The commands listed in your answer:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.com.crt -inkey mysite.key -out mysite.pkcs12
java -classpath jetty-util-6.1.26.jar:jetty-6.1.26.jar org.mortbay.jetty.security.PKCS12Import mysite.pkcs12 keystore

These only show the "openssl pkcs12 -export" and a "java -classpath" command. Did you still use keytool for the -import?

@Shanna517

After messing around with this for a couple hours, I was able to find a solution. I ended up using openssl instead of keytool:

openssl genrsa -des3 -out mysite.key 2048
openssl req -new -key mysite.key -out mysite.csr


Submit the CSR, and once you get issued a cert:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.com.crt -inkey mysite.key -out mysite.pkcs12
java -classpath jetty-util-6.1.26.jar:jetty-6.1.26.jar org.mortbay.jetty.security.PKCS12Import mysite.pkcs12 keystore


Hope others find this useful!

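A pre-flight check for the `openssl pkcs12 -export -chain` step in the answer above, as an added example that is not part of the original posts: it confirms that the private key matches the issued certificate, that the certificate chains to the CA bundle, and that the resulting PKCS#12 carries the whole chain. The CA, keys, file names and the password `demo` are constructed stand-ins for mysite.key, mysite.com.crt and gd_bundle.crt, and the demo keys are unencrypted so the script runs without prompts.

```shell
#!/bin/sh
# Added example: checks to run before importing a PKCS#12 into the Jetty keystore.
# Everything generated here is constructed throwaway demo material.

# The certificate's public key must equal the private key's public key.
key_matches_cert() {  # usage: key_matches_cert <key.pem> <cert.pem>
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# The issued certificate must chain to the CA bundle (gd_bundle.crt on the page).
chain_verifies() {  # usage: chain_verifies <bundle.pem> <cert.pem>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Count certificates in the PKCS#12: the leaf plus every CA that -chain added.
p12_cert_count() {  # usage: p12_cert_count <file.p12> <password>
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Build a constructed CA ("bundle"), a site key and certificate, and the PKCS#12.
make_demo() {  # usage: make_demo <dir>
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' > "$1/demo.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/demo.cnf" \
    -subj '/CN=Constructed Demo CA' -keyout "$1/ca.key" \
    -out "$1/bundle.crt" 2>/dev/null
  openssl genrsa -out "$1/site.key" 2048 2>/dev/null
  openssl genrsa -out "$1/other.key" 2048 2>/dev/null  # unrelated key (negative case)
  openssl req -new -config "$1/demo.cnf" -key "$1/site.key" \
    -subj '/CN=mysite.example' -out "$1/site.csr" 2>/dev/null
  openssl x509 -req -in "$1/site.csr" -CA "$1/bundle.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
  # Same export command as in the answer, with a non-interactive password.
  openssl pkcs12 -export -chain -CAfile "$1/bundle.crt" -in "$1/site.crt" \
    -inkey "$1/site.key" -passout pass:demo -out "$1/site.p12" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d"
key_matches_cert "$d/site.key" "$d/site.crt" && echo "key matches certificate"
key_matches_cert "$d/other.key" "$d/site.crt" || echo "unrelated key rejected"
chain_verifies "$d/bundle.crt" "$d/site.crt" && echo "chain verifies against bundle"
echo "certificates in PKCS#12: $(p12_cert_count "$d/site.p12" demo)"
rm -rf "$d"
```

A count of 1 instead of 2 (or more, with intermediates) means the bundle did not make it into the PKCS#12, so the server would present only the leaf certificate.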