I want to test an application which needs an HTTPS connection and a certificate with the extended parameter "keyUsage digitalSignature" set.
First I set up an SSL-connector:
<Connector port="8443" address="${jboss.bind.address}"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true"
scheme="https" secure="true" enableLookups="uri"
useURIValidationHack="false" disableUploadTimeout="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="${jboss.server.home.dir}/conf/https.keystore"
keystorePass="*****"
/>
Then I created the certificate with OpenSSL:
// generating the key
openssl genrsa -des3 -out C:\CertTest\https.key
// generating the certificate request
openssl req -new -config C:\CertTest\elogon.cfg -key C:\CertTest\https.key -out C:\CertTest\https.csr
// sign the certificate (by myself)
openssl x509 -req -days 365 -in C:\CertTest\https.csr -signkey C:\CertTest\https.key -out C:\CertTest\https.crt
// putting the certificate into the keystore
openssl pkcs12 -export -name eLogon -in C:\CertTest\https.crt -inkey C:\CertTest\https.key -out C:\CertTest\https.keystore
I copied the https.keystore file into the conf-directory of JBoss. But when I start JBoss I get an error:
21:56:36,437 14187 ERROR [Http11BaseProtocol] (main:) Error initializing endpoint
java.io.IOException: Invalid keystore format
I've read this wiki-article: http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup and checked my keystore with:
keytool -list -keystore C:\CertTest\https.keystore -storetype PKCS12
It seems correct. Keystore type: PKCS12, Keystore provider: SunJSSE and 1 entry:
elogon, 23.11.2006, keyEntry,
Zertifikatsfingerabdruck (MD5): ****
So why can't JBoss read my keystore-file?
best regards,
dominik
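
A container-format check for the situation in the post, added here as an example (it is not part of the original post or of JBoss): it compares the keystore type a connector declares with the type the file's leading bytes indicate. It assumes the Tomcat-style connector default of JKS when no keystoreType attribute is present; the function names and the sample bytes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Leading bytes of the keystore containers a Java server commonly meets.
JKS_MAGIC = bytes.fromhex("feedfeed")    # Sun JKS
JCEKS_MAGIC = bytes.fromhex("cececece")  # Sun JCEKS


def sniff_keystore_type(data: bytes) -> str:
    """Guess the container format from the first bytes of the file."""
    if data[:4] == JKS_MAGIC:
        return "JKS"
    if data[:4] == JCEKS_MAGIC:
        return "JCEKS"
    # PKCS#12 is DER/BER: an outer SEQUENCE (0x30) whose first element is
    # INTEGER 3 (02 01 03), found right after the length octets.
    if len(data) > 2 and data[0] == 0x30:
        first = data[1]
        # Short form: one length octet. Long form: 0x80 | n, then n octets.
        header = 2 + (first & 0x7F if first & 0x80 else 0)
        if data[header:header + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "UNKNOWN"


def declared_keystore_type(connector_xml: str) -> str:
    """Type the connector will try to load (assumption: JKS when unset)."""
    elem = ET.fromstring(connector_xml)
    return elem.get("keystoreType", "JKS").upper()


def check(connector_xml: str, keystore_bytes: bytes) -> tuple:
    """Return (declared type, sniffed type, whether they agree)."""
    declared = declared_keystore_type(connector_xml)
    actual = sniff_keystore_type(keystore_bytes)
    return declared, actual, declared == actual


# Constructed samples: connector trimmed from the post, plus the first
# bytes of a PKCS#12 file and of a JKS file (not real keystores).
CONNECTOR = ('<Connector port="8443" scheme="https" secure="true" '
             'keystoreFile="conf/https.keystore"/>')
P12_HEAD = bytes.fromhex("308209a1020103")
JKS_HEAD = bytes.fromhex("feedfeed00000002")

if __name__ == "__main__":
    for name, head in (("pkcs12", P12_HEAD), ("jks", JKS_HEAD)):
        print(name, check(CONNECTOR, head))
```

Against a real file, pass the first few bytes read in binary mode, for example `open(path, "rb").read(16)`.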