
What I need: I have an existing SSL certificate installed on IIS 6. On the same machine, I have GlassFish installed and would like to share the same certificate since they both share the same hostname, and they use different ports: IIS uses 443 and GlassFish uses 8181.

Why I need it: Reuse existing SSL certs from IIS to GlassFish. I imagine that this is possible. I am able to install an SSL cert into GlassFish's keystore, and then import the same exact cert into IIS. I just want to go the other way - imagine having an SSL cert on IIS being used for months, and now I want to enable SSL on GlassFish.

What I have done:

  • Created a keystore with an alias: server.hostname.com
  • Imported intermediate CA certs associated with the existing SSL Cert
  • Imported the existing SSL cert with the same alias: server.hostname.com, but the keytool won’t allow this, as it is not associated: `keytool error: java.lang.Exception: Public keys in reply and keystore don't match`. Why? Using a different alias causes the cert to not be trusted in the CA chain.
Tim H
  • Thank you for your reply. The problem is not the export, but the import into GlassFish. I've exported the existing SSL cert to a .pfx file, and I can import this into the java keystore; however, the cert is not trusted because there is no CA chain for the cert. –  Jan 12 '11 at 14:33
  • Are you sure the PFX contains the private key and not just the certificate(s)? Why does the error message refer to 'reply'? – Ram Jun 14 '12 at 00:21

1 Answer


Did you export the certificate from your server's certificate store? Only there is the private key to the certificate issued by the CA. You need to start an MMC and add the certificate snap-in for the computer account. Go to the "Personal" certificates and export it there. For Windows 2003 I found an article at MS: http://technet.microsoft.com/en-us/library/cc737187%28WS.10%29.aspx

lepole
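
A check for the two conditions raised in the comments and the answer above (a PFX exported without the private key, and a PFX without the CA chain), as an added example that is not from the original posters. It assumes the `openssl` command-line tool is available; the function names, the `PFX_PASS` variable and the sample certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report what a .pfx export contains. Password comes from $PFX_PASS.

# count_pem FILE LABEL OPENSSL_FLAGS... -> number of PEM blocks of that kind
count_pem() {
    local file=$1 label=$2; shift 2
    openssl pkcs12 -in "$file" -passin env:PFX_PASS "$@" 2>/dev/null \
        | grep -c -- "-----BEGIN ${label}-----" || true
}

# pfx_check FILE -> 0 key + chain, 1 no private key, 2 unreadable, 3 no CA certs
pfx_check() {
    local file=$1 keys certs
    openssl pkcs12 -in "$file" -passin env:PFX_PASS -noout 2>/dev/null || {
        echo "cannot open $file (wrong password or not PKCS#12)"; return 2; }
    keys=$(count_pem "$file" '.*PRIVATE KEY' -nocerts -nodes)  # PEM stays in the pipe
    certs=$(count_pem "$file" 'CERTIFICATE' -nokeys)
    echo "private keys: $keys, certificates: $certs"
    if [ "$keys" -eq 0 ]; then
        echo "certificate-only export: the private key was not included"; return 1
    fi
    if [ "$certs" -lt 2 ]; then
        echo "no CA certificates included: supply the chain separately"; return 3
    fi
    echo "private key and CA chain present"
}

# make_sample_pfx DIR: constructed throwaway CA and leaf (password "changeit").
# Writes full.pfx (key + chain), nochain.pfx (key, leaf only), certonly.pfx.
make_sample_pfx() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Constructed Test CA" -days 1 &&
      openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
          -subj "/CN=server.hostname.com" &&
      openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out leaf.pem -days 1 &&
      openssl pkcs12 -export -inkey leaf.key -in leaf.pem -certfile ca.pem \
          -out full.pfx -passout pass:changeit &&
      openssl pkcs12 -export -inkey leaf.key -in leaf.pem \
          -out nochain.pfx -passout pass:changeit &&
      openssl pkcs12 -export -nokeys -in leaf.pem \
          -out certonly.pfx -passout pass:changeit ) >/dev/null 2>&1
}

# Usage: PFX_PASS='...' bash check_pfx.sh export.pfx
if [ -n "${1:-}" ]; then pfx_check "$1"; fi
```

With OpenSSL 3.x, a PFX written by an older Windows export may use legacy encryption and need the `-legacy` option added to the `openssl pkcs12` calls before its contents can be read.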