Author Topic: JBOSS (java based certificate issues)  (Read 13875 times)

Offline ahasystems

  • Newbie
  • *
  • Posts: 1
JBOSS (java based certificate issues)
« on: April 06, 2007, 04:30:16 PM »
Hi I am a brand new Comodo want-a-be customer and I need to make sure that your stuff works before I buy what I need.  Currently I have two types of servers that need ssl certificates

1. Apache mod-ssl - No problem it works great
2. JBOSS (j2ee application server) - I have issues here

I used the following references to secure my certificate for JBOSS

A. Create Certificate Request

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=244&nav=0,1,33

 
B. Install Certificate
 
http://www.instantssl.com/ssl-certificate-support/cert_installation/ssl-certificate-java.html

A little background JBOSS is a java based application and uses keytool to generate csrs and store it stores all the certificate stuff in a keystore file.  The keystore is referenced in an xml configuration file called server.xml.  The default port for jboss ssl is 8443.  When Generating the cerificate I used the only java option in the drop down box for certificate type.

 To create the private key and certificates I ran the following commands:

>keytool -genkey -keyalg RSA -keystore jboss.dev1.com.key -validity 360
>keytool -certreq -keyalg RSA -file dev1.com.csr -keystore jboss.dev1.com.key

I used the contents of the .csr file to create my java based certificate, which is delivered in a zip file which was problem number 1.

Problem 1. -the zip file contains 5 certificates, not 3 like the directions imply these files are:

AddTrustExternalCARoot.crt
ComodoUTNServerCA.crt
EssentialSSLCA.crt
UTNAddTrustServerCA.crt
dev1_com.crt


So for lack of better direction I did the following Installation steps:

 > keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore jboss.dev1.com.key
 > keytool -import -trustcacerts -alias INTER -file EssentialSSLCA.crt -keystore jboss.dev1.com.key
 > keytool -import -trustcacerts -alias dev1 -file dev1_com.crt -keystore jboss.dev1.com.key

Guessing that EssentialSSLCA.crt  was the INTERmediate certificate

Is this correct or should I somehow be adding these other certificates to the keystore?

2. Problem 2

When I use this certificate and attempt to access the jboss server via

https://dev1.com:8443

The browser sqwaks that it is expecting server dev1.com but getting dev1.com:8443.

I tried creating a certificate for dev1.com:8443 but the comodo certificate generator did not like this.

Can some give me a hint on what I am doing wrong?

Thanks

Dick
 

Offline Anthony Nel

  • Newbie
  • *
  • Posts: 19
Re: JBOSS (java based certificate issues)
« Reply #1 on: April 10, 2007, 09:00:14 AM »
as per your responce in the support ticketing sytem below : -
____________________________________________

This is what I have figured out so far; we outsource our data center
responsibilities to a company called DATA393, I had them open up port 8443
for us to use, some how that particular port is being remapped to some other
application outside of jboss called plesk (I know this is vague but I really
don't know yet what is causing this).

I remapped SSL to port 8088 and now the jboss application is coming up and
getting to my application login screen.
_____________________________________________

this issue appears to be resolved
Kind Regards
Anthony Nel
Tech Support

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek