Joe - Thanks for the reply. First off, according to GoDaddy, thier certificates are downloaded in PKCS#7 format using x.509.
First I created the keystore... c:\java\jdk1.5\bin\ keytool -genkey -keyalg RSA -alias ssl -keystore eparts.keystore Second the CSR.. c:\java\jdk1.5\bin\ keytool -certreq -alias ssl -keyalg RSA -file certreq.csr -keystore eparts.keystore Third, submitted to GoDaddy and downloaded 4 files from them.. valicert_class2_root gd_cross_intermediate.crt gd_intermediate.crt www.epartsbiz.com.crt Forth, I ran the following to import them into the keystore... keytool -import -alias root -keystore eparts.keystore -trustcacerts -file valicert_class2_root.crt keytool -import -alias cross -keystore eparts.keystore -trustcacerts -file gd_cross_intermediate.crt keytool -import -alias intermed -keystore eparts.keystore -trustcacerts -file gd_intermediate.crt keytool -import -alias tomcat -keystore eparts.keystore -trustcacerts -file www.epartsbiz.com.crt I get success at the end of each import. I then copied the eparts.keystore into base/config/ and changed the password and file directive in ofbiz_container.xml. Restarted tomcat. Thanks for any help! Rick Joe Eckard <[EMAIL PROTECTED]> wrote: Can you describe the process you used to import the certificate into a keystore? I always start with a .key and a .crt and follow "Step 3: Loading Keys and Certificates" here: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL#HowtoconfigureSSL-step3 to convert them to pkcs12 and load them into a JKS keystore. (may require that you download jetty to use their pcks12 import utility class, depending on your certificate format) -Joe On May 17, 2008, at 3:39 PM, Richard Fleming wrote: > Hi all - > > I've created a keystore and downloaded a signed certificate from > Godaddy.com. I've imported both intermediate and new cert into my > keystore. I configured the containers.xml to use the new keystore > and restarted ofbiz. But still both Firefox and IE see the new cert > as issued by me and it seems therefore that a warning pops up about > a problem with the certificate not be issued by a trusted authority. > > Any pointers about how to go about correcting this would really > appreciated. I'v followed the ofbiz technical guide for setting up > SSL. > > Do we still need to download in PKCS#7 format? I haven't asked > Godaddy which format they provide. I'll do that next. > > Thanks for any and all pointers. > > Rick > >
