Skip to main content

Merchant is requiring me to update my SSL keystore!?

6 replies [Last post]
zambizzi
Offline
Joined: 2005-08-19

I recently received an email from our merchant service that I'll need to import some new root and intermediate certs. I get really nervous when anything involving SSL needs to be done in GF, since it was such a pain to get it working to begin with.

Here's the link:

http://www.cybersource.com/support/sslcert/

What are the dangers? What should I be aware of? Can I do this while the server is running? Any words of wisdom or gotchas would be helpful.

Thanks!

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
km
Offline
Joined: 2005-10-28

GlassFish uses its own keystore/truststore. So, you'd need to do this to keystore.jks/cacerts.jks in the domain-folder/config.

-Kedar

zambizzi
Offline
Joined: 2005-08-19

I'm using v2-ur2 in test but the build I mentioned previous, in production. In my test system, there is both a "cacerts" and a "cacerts.jks" file, mysteriously. In production there is only a "cacerts.jks" file.

The instructions call for doing this in the "cacerts" file. Will modifying it for "cacerts.jks", since it is my only option in production, prevent this from working correctly?

I'm probably being overly cautious, but my sphincter clenches every time something needs to be done w/ SSL. :P

I did it in the test system (which doesn't use our SSL cert obviously) and it didn't *hurt* anything, so far as I can tell.

Thanks again!

km
Offline
Joined: 2005-10-28

LOL :)
Anything that has to do with SSL (and security) has to be hard, by definition ;).

Anyway, this should not be that hard. If it has worked on your test system, chances are it will work seamlessly on your production system. From the looks of it, it appears that you are now asked to trust a new root CA cert which should be okay, if the clients are made aware of this new CA cert.

-Kedar

Oleksiy Stashok

Which GlassFish version do you use?

WBR,
Alexey.

On Feb 16, 2010, at 0:09 , glassfish@javadesktop.org wrote:

> I recently received an email from our merchant service that I'll
> need to import some new root and intermediate certs. I get really
> nervous when anything involving SSL needs to be done in GF, since it
> was such a pain to get it working to begin with.
>
> Here's the link:
>
> http://www.cybersource.com/support/sslcert/
>
> What are the dangers? What should I be aware of? Can I do this
> while the server is running? Any words of wisdom or gotchas would
> be helpful.
>
> Thanks!
> [Message sent by forum member 'zambizzi' (zambizzi@gmail.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=386872
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net

zambizzi
Offline
Joined: 2005-08-19

We're at v2 (build b58g-fcs) in production.

I guess I'm unclear as to whether I do this to my JDK keystore or Glassfish? Both? Our tech support hasn't been very expedient.

Oleksiy Stashok

> We're at v2 (build b58g-fcs) in production.
>
> I guess I'm unclear as to whether I do this to my JDK keystore or
> Glassfish? Both? Our tech support hasn't been very expedient.
I guess steps on the page describe keystore update on JDK level only.

> [Message sent by forum member 'zambizzi' (zambizzi@gmail.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=387007
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
> For additional commands, e-mail: users-help@glassfish.dev.java.net
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net