I want to switch from using a self-signed certificate in Restlet, which
worked well, to a StartCom certificate. The reason I want to change it
is that I want to give third parties access to the server without having
to give them my self-signed cert.
Now I see an issue with Restlet apparently not sending the certificate
chain, which my Android app doesn't like. When I type
openssl s_client -showcerts -connect pengo.christine.nl:9005
in a shell, I get this error:
CONNECTED(00000003)
depth=0 CN = pengo.christine.nl
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = pengo.christine.nl
verify error:num=21:unable to verify the first certificate
verify return:1
When I type
openssl s_client -showcerts -connect pengo.christine.nl:9005 -CAfile ./chain.crt
with chain.crt containing the root cert and intermediate cert, I get
CONNECTED(00000003)
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = StartCom Certification Authority, CN = StartCom Class 1 DV Server CA
verify return:1
depth=0 CN = pengo.christine.nl
verify return:1
My Restlet configuration contains
params.add("sslContextFactory", "org.restlet.engine.ssl.DefaultSslContextFactory");
params.add("keystorePath", "/home/christine/motogymkhana/pengo_ssl.jks");
params.add("keystorePassword", ServerConstants.keyStorePw);
params.add("keystoreType", "JKS");
params.add("keyAlias", ServerConstants.keyAlias);
params.add("keyPassword", ServerConstants.keyPw);
The keystore does contain the same certificates as the chain.crt file.
How do I make Restlet send the chain with the certificate?
dagdag
Christine
--
dagdag is just a two character rotation of byebye
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3164075
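
A check that helps with the situation described in the message above, added here as an example (it is not code from the original post or from Restlet): a standard JSSE key manager presents the certificate chain stored with the private-key entry, so CA certificates that sit in the same keystore as separate trusted-certificate entries are not sent. The class name `ChainCheck` and the `KEYSTORE_PASS` environment variable are assumptions made for this example, as is the premise that the Restlet factory in use relies on the standard key manager.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example. Usage: KEYSTORE_PASS=... java ChainCheck <keystore.jks> <keyAlias>
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("KEYSTORE_PASS"); // assumed variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: KEYSTORE_PASS=... java ChainCheck <keystore> <keyAlias>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass.toCharArray());
        }
        // CA certs imported on their own appear as separate trusted-certificate
        // entries; they are not part of the chain attached to the key entry.
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "private key entry" : "trusted certificate entry";
            System.out.println(alias + ": " + kind);
        }
        String keyAlias = args[1];
        Certificate[] chain = ks.getCertificateChain(keyAlias);
        if (!ks.isKeyEntry(keyAlias) || chain == null) {
            System.err.println(keyAlias + " is not a private key entry with a chain");
            System.exit(1);
        }
        // This array is what the key entry carries, leaf first.
        System.out.println("chain length for " + keyAlias + ": " + chain.length);
        for (int i = 0; i < chain.length; i++) {
            X509Certificate c = (X509Certificate) chain[i];
            System.out.println("  [" + i + "] subject=" + c.getSubjectX500Principal().getName());
            System.out.println("      issuer =" + c.getIssuerX500Principal().getName());
        }
        X509Certificate leaf = (X509Certificate) chain[0];
        boolean selfIssued = leaf.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
        if (chain.length == 1 && !selfIssued) {
            System.out.println("Only the leaf is attached to the key entry; clients that do not"
                + " already hold the issuer's certificate cannot build a path.");
            System.exit(1);
        }
    }
}
```

A chain length of 1 for a CA-issued certificate matches the `verify error:num=20` and `num=21` output shown by `openssl s_client` without `-CAfile`.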