3 Replies Latest reply on Oct 4, 2012 7:23 AM by numtech

    SSL- Intermediate Certificate in AS7

    numtech

      Hello,

       

      I have bought a GeoTrust QUICK SSL certificate and installed it on my JBoss 7.1.1:

       

      I have converted the private key and the certificate to DEM format, then added them to a new keystore using this script:

      http://www.nealgroothuis.name/import-a-private-key-into-a-java-keystore/

      And here is my conf:

             <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">

                 <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="443"/>

                 <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

                     <ssl name="numtech-ssl" key-alias="numtech" password="changeit" certificate-key-file="${jboss.server.config.dir}/numtech.keystore" protocol="TLSv1" />

                 </connector>

                 <virtual-server name="default-host" enable-welcome-root="false">

                     <alias name="localhost"/>

                 </virtual-server>

             </subsystem>

       

      It works well, I can list my keystore and SSL works!

       

       

      In fact it works well only with modern web browsers, because GeoTrust DV SSL CA, the intermediate CA, is in most of them. But in other web browsers (smartphone, old web browsers, Safari) it doesn't work (I get a warning, the same as with a self-signed cert).

      I have used this tool to confirm it: http://www.sslshopper.com/ssl-checker.html

      It says: The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following GeoTrust's Certificate Installation Instructions for your server platform (use these instructions for RapidSSL). Pay attention to the parts about Intermediate certificates.

       

      So I have downloaded this intermediate CA and added it to my keystore with the "root" alias, as I read on the web. But same problem!

       

      I have read the AS7 docs:

      They said to first add the intermediate CA as root and THEN add the key-cert (but they didn't mention when to add the private key?!). So I deleted my keystore, created a new one with the intermediate CA and then added my private key and its cert... Same problem.

       

      When searching on the forum I found this thread:

      https://community.jboss.org/thread/172052?start=0&tstart=0

      It talks about putting the intermediate CA in a truststore, but I don't think it's correct; a truststore is only needed when client auth is needed or when you have to trust other authorities, no?

       

      I also found this thread:

      http://web.archiveorange.com/archive/v/AVypsLO7J8azA4Xm8WQX

      So I tried concatenating intermediate.der to mycertificate.der and then ran the script to create the truststore; the creation works well, and when I restart JBoss I get no error, but when I go to my website I get an ERROR 2 without any log in JBoss...

      Maybe it's the order of the concatenation?

       

      Btw... I have no more solutions to explore for now, so any help would be appreciated.

      Regards,

       

      Numtech
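
The symptom in the post above (trusted only where the client already has the intermediate) and its concatenation-order question can be reproduced offline with openssl. This is an added example, not part of the original post; the demo-* subjects, file names and helper functions are made up for it, and chain_order_ok compares subject/issuer names only, not signatures.

```shell
#!/bin/sh
# Constructed demo PKI; every subject and file name here is made up:
#   demo-root (self-signed) -> demo-inter (intermediate CA) -> demo-leaf (server cert)
make_demo_pki() {
    d=$1
    cat > "$d/o.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
    for n in root inter leaf; do    # one key and one CSR per certificate
        openssl req -new -newkey rsa:2048 -nodes -config "$d/o.cnf" -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -set_serial 1 -days 2 \
        -extfile "$d/o.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
        -days 2 -extfile "$d/o.cnf" -extensions ca -out "$d/inter.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" -set_serial 3 \
        -days 2 -extfile "$d/o.cnf" -extensions leaf -out "$d/leaf.pem" 2>/dev/null
}

# Client that trusts only the root and is handed only the server certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 | grep -q 'leaf.pem: OK'
}
# Same client, but the peer also supplies the intermediate (-untrusted = not a trust anchor).
verify_with_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" "$1/leaf.pem" 2>&1 |
        grep -q 'leaf.pem: OK'
}
# Succeeds when each certificate in a PEM bundle names the next one as its issuer (leaf first).
chain_order_ok() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
    awk '/^subject=/ { s = substr($0, 9); if (n++ && s != iss) bad = 1 }
         /^issuer=/  { iss = substr($0, 8) }
         END { exit (bad || n < 2) }'
}

d=$(mktemp -d) && make_demo_pki "$d" && {
    verify_leaf_only "$d"  && echo "leaf only: trusted" || echo "leaf only: NOT trusted"
    verify_with_chain "$d" && echo "leaf + intermediate: trusted" || echo "leaf + intermediate: NOT trusted"
}
```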