JBOSS (java based certificate issues)

Learn about Computer Security Digital Certificates and Digital Signing
#1

Hi I am a brand new Comodo want-a-be customer and I need to make sure that your stuff works before I buy what I need. Currently I have two types of servers that need ssl certificates

  1. Apache mod-ssl - No problem it works great
  2. JBOSS (j2ee application server) - I have issues here

I used the following references to secure my certificate for JBOSS

A. Create Certificate Request

B. Install Certificate

http://www.instantssl.com/ssl-certificate-support/cert_installation/ssl-certificate-java.html

A little background JBOSS is a java based application and uses keytool to generate csrs and store it stores all the certificate stuff in a keystore file. The keystore is referenced in an xml configuration file called server.xml. The default port for jboss ssl is 8443. When Generating the cerificate I used the only java option in the drop down box for certificate type.

To create the private key and certificates I ran the following commands:

keytool -genkey -keyalg RSA -keystore jboss.dev1.com.key -validity 360
keytool -certreq -keyalg RSA -file dev1.com.csr -keystore jboss.dev1.com.key

I used the contents of the .csr file to create my java based certificate, which is delivered in a zip file which was problem number 1.

Problem 1. -the zip file contains 5 certificates, not 3 like the directions imply these files are:

AddTrustExternalCARoot.crt
ComodoUTNServerCA.crt
EssentialSSLCA.crt
UTNAddTrustServerCA.crt
dev1_com.crt

So for lack of better direction I did the following Installation steps:

keytool -import -trustcacerts -alias root -file AddTrustExternalCARoot.crt -keystore jboss.dev1.com.key
keytool -import -trustcacerts -alias INTER -file EssentialSSLCA.crt -keystore jboss.dev1.com.key
keytool -import -trustcacerts -alias dev1 -file dev1_com.crt -keystore jboss.dev1.com.key

Guessing that EssentialSSLCA.crt was the INTERmediate certificate

Is this correct or should I somehow be adding these other certificates to the keystore?

  1. Problem 2

When I use this certificate and attempt to access the jboss server via

https://dev1.com:8443

The browser sqwaks that it is expecting server dev1.com but getting dev1.com:8443.

I tried creating a certificate for dev1.com:8443 but the comodo certificate generator did not like this.

Can some give me a hint on what I am doing wrong?

Thanks

Dick

#2

as per your responce in the support ticketing sytem below : -

This is what I have figured out so far; we outsource our data center
responsibilities to a company called DATA393, I had them open up port 8443
for us to use, some how that particular port is being remapped to some other
application outside of jboss called plesk (I know this is vague but I really
don’t know yet what is causing this).

I remapped SSL to port 8088 and now the jboss application is coming up and
getting to my application login screen.

this issue appears to be resolved