1 Reply Latest reply on Aug 28, 2015 3:46 AM by chrisvoo

    Wildfly 8.2: importing wildcard certificate, intermediate certificate missing

    chrisvoo

      Hi folks,

      I've followed this thread for importing my GeoTrust Wildcard certificate for my company domain (*.company.com). These are all the steps I've made so far:

      keytool -genkeypair -alias company -keyalg RSA -keysize 2048 -validity 7360 -keystore cdn.keystore -keypass pass -storepass pass
      keytool -import -v -trustcacerts -storepass pass -alias primaryca -keystore cdn.keystore -file public.pem
      openssl pkcs12 -export -in public.pem -inkey private.pem -CAfile ca.pem -name company -out keystore.p12
      keytool -importkeystore -deststorepass pass -destkeypass pass -destkeystore cdn.keystore -srckeystore keystore.p12 -srcstoretype PKCS12

      The third passage asks me to overwrite the company entry inserted in the first passage: if I say no, the browser doesn't recognize the GeoTrust certificate and treats it like a normal self-signed certificate. If I say yes, all seems to work properly, but if I check my installation with GeoTrust CryptoReport (or another site) it tells me it is missing the intermediate key and it's not trusted.

      If I open the site with Chrome or Firefox I don't receive any security warning, but I'm concerned that the previous error could lead to incompatibilities with Microsoft ADFS (I use Spring Security SAML).

      Any ideas?

        • 1. Re: Wildfly 8.2: importing wildcard certificate, intermediate certificate missing
          chrisvoo

          Here is the answer for your convenience:

          cat ca.pem /etc/ssl/certs/ca-certificates.crt > allcacerts.pem     # to avoid openssl errors we bind together CA cert with all cacerts

          openssl pkcs12 -export -chain -in public.pem -inkey private.pem -out server.p12 -name server -CAfile allcacerts.pem -caname root

          keytool -importkeystore -deststorepass YOURPASS -destkeypass YOURPASS -destkeystore my.keystore -srckeystore server.p12 -srcstoretype PKCS12 -srcstorepass YOURPASS -alias YOURALIAS
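The difference between the two posts above is whether the intermediate ends up inside the PKCS12 at all. The script below is an added example (not chrisvoo's commands or WildFly code): it builds a throwaway Root -> Intermediate -> wildcard leaf chain with openssl, exports the leaf both without and with `-chain` plus a bundled CA file, and counts the certificates that actually landed in each `.p12`. Every name in it (Example Root, *.example.test, the `pass:x` password, the `issue_cert`/`make_chain`/`count_p12_certs` helpers) is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original thread: reproduce the "intermediate missing" symptom
# and the fix by inspecting what a PKCS12 export really contains. Only openssl is needed.
set -e

# Issue a cert: $1=dir $2=name $3=subject $4=issuer name ("" = self-signed) $5=extension file
issue_cert() {
  d="$1"; n="$2"; subj="$3"; iss="$4"; ext="$5"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/$n.key" -out "$d/$n.csr" -subj "$subj" 2>/dev/null
  if [ -z "$iss" ]; then
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 30 -sha256 \
      -extfile "$ext" -out "$d/$n.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$iss.pem" -CAkey "$d/$iss.key" -CAcreateserial \
      -days 30 -sha256 -extfile "$ext" -out "$d/$n.pem" 2>/dev/null
  fi
}

# Build a constructed root, intermediate and wildcard leaf under directory $1.
make_chain() {
  d="$1"; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:*.example.test\n' > "$d/leaf.ext"
  issue_cert "$d" root  "/CN=Example Root"         ""    "$d/ca.ext"
  issue_cert "$d" inter "/CN=Example Intermediate" root  "$d/ca.ext"
  issue_cert "$d" leaf  "/CN=*.example.test"       inter "$d/leaf.ext"
}

# Number of certificates stored in PKCS12 file $1 protected by password $2.
count_p12_certs() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# The question's export: leaf key pair only, no chain. Yields 1 certificate, which is
# exactly what an online checker flags as "intermediate missing".
export_leaf_only() {
  openssl pkcs12 -export -in "$1/leaf.pem" -inkey "$1/leaf.key" -name server \
    -out "$1/nochain.p12" -passout "pass:$2"
  count_p12_certs "$1/nochain.p12" "$2"
}

# The answer's export: bundle intermediate + root into one CA file (so openssl can verify the
# chain) and pass -chain. Yields 3 certificates: leaf, intermediate, root.
export_with_chain() {
  cat "$1/inter.pem" "$1/root.pem" > "$1/allcacerts.pem"
  openssl pkcs12 -export -chain -in "$1/leaf.pem" -inkey "$1/leaf.key" -CAfile "$1/allcacerts.pem" \
    -caname root -name server -out "$1/server.p12" -passout "pass:$2"
  count_p12_certs "$1/server.p12" "$2"
}

work=$(mktemp -d); make_chain "$work"
echo "leaf only: $(export_leaf_only "$work" x) cert(s); with -chain: $(export_with_chain "$work" x) cert(s)"
```

The same `count_p12_certs` check (or `keytool -list -v` on the resulting keystore) is the quickest way to confirm the intermediate is present before pointing WildFly at the file.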