I'm looking at the new keystore I created with all of the CA certs
included. Three of those; three website certs; keytool -list says I have
six certs whether or not I use -v.
On 4/22/2016 11:31 AM, Simone Bordet wrote:
Hi,
On Fri, Apr 22, 2016 at 8:07 PM, Steve Sobol - Lobos Studios
<[email protected]> wrote:
Well yeah, that's the thing, I do have them. With Apache I just have them
bundled in a single file and I use the SSLCertificateChainFile directive (I
believe) to point to them. I tried putting the CA certs in the truststore.
Didn't work. Tried putting them in the keystore with the website certs.
Didn't work.
So, I'm a little lost. :(
Truststores are only useful when you receive a certificate and you want
to verify that it is trustable. Typically clients use them (e.g. the
server sends a self-signed certificate).
I think we have the same (or a very similar) setup for Webtide's website.
If I do:
keytool -list -keystore keystore
it prints:
Your keystore contains 4 entries (fingerprints removed):
comodo_ca, Jan 15, 2016, trustedCertEntry,
addtrust_ca_root, Jan 15, 2016, trustedCertEntry,
server, Jan 15, 2016, PrivateKeyEntry,
comodo_domain_ca, Jan 15, 2016, trustedCertEntry,
If I do:
keytool -list -v -keystore keystore
it prints a lot more. The important thing is that the "server" alias
(in our case, or the alias that has the private key) has attached 4
certificates.
In our case I see:
Alias name: server
Creation date: Jan 15, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 4
Certificate[1]:
...
Certificate[2]:
...
Certificate[3]:
...
Certificate[4]:
...
These entries should match the other entries you have in the keystore.
If you don't have "Certificate chain length: 4" (or whatever length
you have), but you have only length=1, then you have imported the
certificate into the keystore in the wrong way.
Let us know.
--
Lobos Studios | Phone: 877.919.4WEB | LobosStudios.com |
Facebook.com/LobosStudios | @LobosStudios
Web Development - Mobile Development - Helpdesk/Tech Support - Computer Sales &
Service
Acer Authorized Reseller - Computers, Windows and Android Tablets, Accessories
Steve Sobol - CEO, Senior Developer and Server Jockey
[email protected]
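
The chain-length check described in the quoted reply, scripted as an added example (not code from either poster or from the Jetty project). The function name `check_chain` and the sample text are constructed for illustration, and the parser assumes keytool's English `-list -v` output as shown in the thread.

```shell
#!/bin/sh
# Added example: reads `keytool -list -v` output on stdin and prints, for
# every PrivateKeyEntry, "<alias> <chain length> <status>".
# Exit status: 0 = every key entry carries more than one certificate,
#              1 = some key entry holds only the leaf certificate,
#              2 = no PrivateKeyEntry was found at all.
# Real use:  keytool -list -v -keystore keystore | check_chain
check_chain() {
    awk '
        /^Alias name: / { alias = substr($0, 13); type = "" }
        /^Entry type: / { type = substr($0, 13) }
        /^Certificate chain length: / {
            # trustedCertEntry aliases have no chain; only key entries count
            if (type == "PrivateKeyEntry") {
                n = $NF + 0
                printf "%s %d %s\n", alias, n, (n > 1 ? "OK" : "LEAF_ONLY")
                if (n <= 1) bad = 1
                seen = 1
            }
        }
        END {
            if (!seen) { print "no PrivateKeyEntry found"; exit 2 }
            exit bad + 0
        }
    '
}

# Constructed sample: a CA cert stored on its own plus a key entry whose
# chain has the length given as $1 (certificate bodies omitted).
sample_listing() {
    cat <<EOF
Alias name: comodo_ca
Creation date: Jan 15, 2016
Entry type: trustedCertEntry

Alias name: server
Creation date: Jan 15, 2016
Entry type: PrivateKeyEntry
Certificate chain length: $1
Certificate[1]:
EOF
}

# Chain attached to the key entry, as in the listing quoted above.
sample_listing 4 | check_chain
```

A `LEAF_ONLY` result corresponds to the "length=1" case in the reply: the CA certificates may be present as separate `trustedCertEntry` aliases, but they are not attached to the alias that holds the private key.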