You can test your root CA and intermediate CA by using this command.
Put your CA's into this file /tmp/ca.crt and test. It should return
verified (0) if your server is setup correctly. Then just import the
/tmp/ca.crt into your client cacerts truststore.
openssl s_client -connect localhost:443 -state -debug -CAfile /tmp/ca.crt
On 05/08/2012 09:15 AM, Young Gu wrote:
How do you install your SSL certification? What client are you using?
Can you post the log details?
Please be free to contact with me for any question or suggestion.
Thanks& Best Regards .
------------------------------------------------------------------
Young Gu
Software Engineer
http://www.infor.com
On 05/08/2012 10:52 PM, [email protected] wrote:
Hello,
So I can't seem to figure out how to get our SSL cert working on
James so I was hoping someone could help me out?
I generated an RSA 2048 private key and certificate request using
openssl. I've read on googles that this is probably where I
originally went wrong as some people claim that if you do not use a
java keystore from the beginning to generate the request then its
never going to work.
Anyway I got my certificate from entrust which has a chain cert and a
root cert. I went through their instructions (and others) and
imported the root cert and then the chain cert and then finally our
cert. Attempting to use the cert gives me a "no cipher suites in
common" error.
Doing research on this I find out that I need the private key in the
keystore since I did not generate the request from keytool with a
keystore orginally. So I tried with the keystore I already had as
well as a keystore from scratch. When I do this I see SSL
communication but it looks like its referencing some default
self-signed cert I created for testing or someone had added to the
default java keystore? The instructions I used I found here:
http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i
Was hoping to avoid re-doing the cert. Does anybody have experience
with setting up SSL?
Regards,
Roy
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
