Are there any other errors that would indicate what the error with the keystore is? Perhaps something went wrong when importing the signed certificate?
No error, only this when I start a server.
I also don't know how to improve the JBoss logs to help myself with the error... Do you know how?
I put a keystore in one directory and when I build it nothing goes wrong.
I create a certificate with a keystore in this way:
keytool -genkey -keyalg RSA -keysize 1024 -keystore ulisse13.keystore -storepass ulisse -storetype JKS -alias ulisse13
keytool -certreq -keystore ulisse13.keystore -storepass ulisse -alias ulisse13 -file ulisse13.csr
java -cp jstk.jar org.jstk.cert.CertTool issue -cadir rootca -csrfile ulisse13.csr -cerfile ulisse13.cer -password changeit
keytool -import -keystore ulisse13.keystore -alias ulisse13 -file ulisse13.cer
Is that right?
Must I change the alias when I import a trusted certificate into the same keystore?
But I just did this again and it doesn't work either.
Maybe I must check my certificate with an external tool? Can you suggest one?
Well, if it's a showstopper error, the current log levels should be enough.
The CA that did the signing probably has more detailed info. It's been a while since I did it, but last time I recall a -trustcacerts in the import.
But what about the JBoss configuration? Do I need to add something else in standalone?
Now I'll run a different test with -trustcacerts.
I think I just have a
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
    <ssl name="ssl" key-alias="jbossas7" password="jbossas7" certificate-key-file="c:/users/karlsnic/jbossas7.keystore"/>
</connector>
The ca-certificate as a separate file should also work but one would think that if you try to import the ca-certs, you should at least see some error if they are malformed.
Yes, I know that the ca-certificate-file is the truststore container where client certificates are put.
Incredible, with -trustcacerts JBoss 7.1.0 and JBoss 7.1.1 are going well.
No JBoss errors are present.
But in the browser the certificate is again red and marked as untrusted.
I downloaded it and saw that all of it is the new certificate that I just created before.
That's right, but I don't know what is wrong!!???!
When I try this command to test:
openssl s_client -connect 138.132.XX.YY:443
The response is :
verify error:num=19:self signed certificate in certificate chain
Verify return code: 19 (self signed certificate in certificate chain)
What does it mean? And how can I take care of it?
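
The verify code 19 quoted above can be reproduced offline. The following is an added example, not part of the thread or any poster's commands: it builds a constructed root CA and server certificate with openssl (all file and subject names are assumptions) and shows that code 19 means the chain ends at a self-signed root the client does not trust, while trusting that root gives 0.

```shell
#!/bin/sh
# Constructed demo data: private root CA + one server certificate in a temp dir.
# All file names and subject names below are assumptions made for this example.

make_chain() {   # $1 = working directory
  d=$1
  # Self-signed root CA (plays the role of the private "rootca" in the thread).
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Server key and CSR, then the CSR is signed by the root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null || return 1
}

# Print the first OpenSSL verify error number, 0 on success, "unknown" otherwise.
verify_code() {
  out=$(openssl verify "$@" 2>&1) || true
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n1)
  if [ -n "$code" ]; then
    echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then
    echo 0
  else
    echo unknown
  fi
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_chain "$tmp" || { rm -rf "$tmp"; return 1; }
  # Root is presented in the chain but not trusted: what s_client reported.
  echo "root sent, not trusted : $(verify_code -untrusted "$tmp/root.pem" "$tmp/server.pem")"
  # Root missing entirely: a different failure (cannot find the issuer).
  echo "root not available     : $(verify_code "$tmp/server.pem")"
  # Root explicitly trusted by the verifying client: chain validates.
  echo "root trusted (-CAfile) : $(verify_code -CAfile "$tmp/root.pem" "$tmp/server.pem")"
  rm -rf "$tmp"
}

demo
```

With openssl s_client, the -CAfile option plays the same role as in the last call.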