Glassfish and wildcard SSL cert?

gunark
Joined: 2006-06-30

I can't seem to get a wildcard SSL certificate working with Glassfish. By "wildcard" I mean a single-root certificate, for *.mycompany.com rather than a fully qualified domain.

When I import the certificate, keytool lists it as a trustedCertEntry rather than a keyEntry:

my-wildcard-cert, Sep 29, 2006, trustedCertEntry,
Certificate fingerprint (MD5): EF:95:B1:BC:8E:2C:AB:FB:74:BB:2F:6B:F3:FF:60:EA

I have a feeling this has to do with how wildcard certificates are implemented, although admittedly I don't fully understand it.

When I set the cert-nickname to the alias of the wildcard cert I imported, during startup I get:

Error initializing endpoint
java.io.IOException: Alias name name-of-my-cert does not identify a key entry

I guess Glassfish is looking for a keyEntry, but the alias I'm giving it is actually a trustedCertEntry.

Any idea how to do this? Do I need to somehow create a regular cert based on my wildcard cert and give that to Glassfish?

Message was edited by: gunark

gunark
Joined: 2006-06-30

Still looking for some guidance on this..

gunark
Joined: 2006-06-30

Ah, never mind. I just needed to import the CA's certificate reply under the same alias as the self-signed cert I used to generate the certificate request. Everything works now.
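
The fix described in the last post, as an added example that is not part of the original thread: the key pair, the request and the CA reply all share one alias, and a check on the `keytool -list` output confirms the alias is a key entry before it is used as cert-nickname. The keystore name, the alias `s1as` and the file names are placeholders; the option names are the current `keytool` ones (older releases spell them `-genkey` and `-import`).

```shell
#!/bin/sh
# Added example: names below (keystore.jks, s1as, file names) are placeholders.

# Constructed sample of `keytool -list` output, in the format quoted in the thread.
SAMPLE='my-wildcard-cert, Sep 29, 2006, trustedCertEntry,
s1as, Sep 29, 2006, keyEntry,'

# Print the entry type for alias $1 from `keytool -list` output on stdin.
# Lines read "<alias>, <date>, <type>," and the date itself contains a comma,
# so take the last non-empty comma-separated field.
entry_type() {
    awk -F', *' -v a="$1" 'tolower($1) == tolower(a) {
        t = $NF; if (t == "") t = $(NF - 1); print t; exit }'
}

# Succeed only when alias $1 holds a private key (stdin: `keytool -list` output).
# Older keytool prints keyEntry, newer releases print PrivateKeyEntry.
is_key_entry() {
    case "$(entry_type "$1")" in
        keyEntry|PrivateKeyEntry) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 1: create the key pair and the signing request under one alias.
make_request() {    # usage: make_request KEYSTORE ALIAS 'CN=*.mycompany.com'
    keytool -genkeypair -keyalg RSA -keystore "$1" -alias "$2" -dname "$3" &&
    keytool -certreq -keystore "$1" -alias "$2" -file "$2.csr"
}

# Step 2: import the CA's reply under that SAME alias, then confirm the alias
# is still a key entry. A new alias here would produce a trustedCertEntry.
install_reply() {   # usage: install_reply KEYSTORE ALIAS REPLY_FILE
    keytool -importcert -trustcacerts -keystore "$1" -alias "$2" -file "$3" &&
    keytool -list -keystore "$1" | is_key_entry "$2"
}
```

Running `printf '%s\n' "$SAMPLE" | is_key_entry my-wildcard-cert` fails, which is the condition behind the "does not identify a key entry" error at startup.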