2 Replies Latest reply on Sep 4, 2007 2:29 PM by nathandennis

    SSL-Connector - problem with keystore format

    sidewinder

      I want to test an application which needs an https-connection and a certificate with the extended parameter "keyUsage digitalSignature" set.

      First I set up an SSL-connector:

      <Connector port="8443" address="${jboss.bind.address}"
       maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
       emptySessionPath="true"
       scheme="https" secure="true" enableLookups="uri"
       useURIValidationHack="false" disableUploadTimeout="true"
       clientAuth="false" sslProtocol="TLS"
       keystoreFile="${jboss.server.home.dir}/conf/https.keystore"
       keystorePass="*****"
      />
      


      Then I created the certificate with OpenSSL:
      rem generating the key
      openssl genrsa -des3 -out C:\CertTest\https.key
      
      rem generating the certificate request
      openssl req -new -config C:\CertTest\elogon.cfg -key C:\CertTest\https.key -out C:\CertTest\https.csr
      
      rem sign the certificate (by myself)
      openssl x509 -req -days 365 -in C:\CertTest\https.csr -signkey C:\CertTest\https.key -out C:\CertTest\https.crt
      
      rem putting the certificate into the keystore
      openssl pkcs12 -export -name eLogon -in C:\CertTest\https.crt -inkey C:\CertTest\https.key -out C:\CertTest\https.keystore
      

      I copied the https.keystore file into the conf-directory of JBoss. But when I start JBoss I get an error:
      21:56:36,437 14187 ERROR [Http11BaseProtocol] (main:) Error initializing endpoint
      java.io.IOException: Invalid keystore format
      


      I've read this wiki-article: http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup and checked my keystore with:
      keytool -list -keystore C:\CertTest\https.keystore -storetype PKCS12
      

      It seems correct. Keystore type: PKCS12, Keystore provider: SunJSSE and 1 entry:
      elogon, 23.11.2006, keyEntry,
      Zertifikatsfingerabdruck (MD5): ****
      



      So why can't JBoss read my keystore-file?


      Best regards,
      dominik
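
An added example, not part of the original post: a check that compares the keystore format a connector declares with the format the keystore file actually has, which is the comparison to make when `Invalid keystore format` appears. It assumes the connector expects JKS when no `keystoreType` attribute is present (Tomcat's documented default); the function names and the sample connector and header bytes are constructed for illustration.

```python
import struct
import xml.etree.ElementTree as ET

def sniff_keystore_type(data: bytes) -> str:
    """Guess a Java keystore's format from its leading bytes."""
    if len(data) >= 4:
        magic = struct.unpack(">I", data[:4])[0]
        if magic == 0xFEEDFEED:      # JKS magic number
            return "JKS"
        if magic == 0xCECECECE:      # JCEKS magic number
            return "JCEKS"
    # PKCS#12 (PFX) is ASN.1: SEQUENCE { INTEGER 3, ... }
    if len(data) >= 2 and data[0] == 0x30:
        # Skip the length field: short form is 1 byte, long form 1 + n bytes.
        body = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)
        if data[body:body + 3] == b"\x02\x01\x03":
            return "PKCS12"
    return "unknown"

def check_connector(connector_xml: str, keystore: bytes):
    """Return (declared type, detected type, whether they match)."""
    attrs = ET.fromstring(connector_xml).attrib
    # Assumption: with no keystoreType attribute the connector expects JKS.
    declared = attrs.get("keystoreType", "JKS").upper()
    detected = sniff_keystore_type(keystore)
    return declared, detected, declared == detected

# Constructed sample data (not taken from the poster's files).
CONNECTOR = """<Connector port="8443" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="${jboss.server.home.dir}/conf/https.keystore"
    keystorePass="placeholder"/>"""
PKCS12_HEAD = bytes.fromhex("308209a1020103308209670609")  # start of a PFX
JKS_HEAD = bytes.fromhex("feedfeed0000000200000001")        # start of a JKS

if __name__ == "__main__":
    for name, blob in (("PKCS12 file", PKCS12_HEAD), ("JKS file", JKS_HEAD)):
        declared, detected, ok = check_connector(CONNECTOR, blob)
        print(f"{name}: connector expects {declared}, file is {detected}, "
              f"{'match' if ok else 'MISMATCH'}")
```

To run it against a real file, pass the first few bytes of the keystore (for example `open(path, "rb").read(16)`) instead of the constructed headers.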