I have done some research into how to prepare the wildcard certificate and add it in a manner in which it could be used within WildFly/JBoss (I'm using WildFly 16, but it should be the same for JBoss).
Files I have (and what they are - gathered from Discerning GoDaddy SSL Certificate Types):
<series of numbers>.crt: My certificate
gd_bundle-g2-g1.crt: GoDaddy Certificate Bundles - G2 With Cross to G1, includes Root
gdig2.crt.pem: GoDaddy Secure Server Certificate (Intermediate Certificate) - G2
privatekey.txt: Private Key for my certificate
Through a series of research and assistance from a coworker, I found I could prepare and add the certificates via the following commands:
openssl pkcs12 -export -in <series of numbers>.crt -inkey privatekey.txt -out outfile.pkcs12 -name yourdomain.com -CAfile gd_bundle-g2-g1.crt -caname root
<enter a password>
keytool -importkeystore -trustcacerts -deststorepass <newpass> -destkeypass <newpass> -destkeystore new.keystore -srckeystore outfile.pkcs12 -srcstoretype PKCS12 -srcstorepass <password entered above> -alias yourdomain.com
So, this all works, from a browser anyway. I can browse to pages hosted via WildFly and they work fine and the browser reports no SSL errors. However, an application that I have which uses WebSocket connections failed to verify the certificate. To look into this more I used the following against my site:
openssl s_client -connect yoursite.yourdomain.com:443
This resulted in the following:
Verification error: unable to verify the first certificate
After researching this, I found that Firefox will perform "certificate discovery" and resolve the chain to verify the server's certificate, even if it wasn't provided. So here I am trying to determine what's missing...
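One way to check how many certificates a PKCS#12 file actually carries, as an added example that is not part of the original post. It builds a constructed root/intermediate/leaf PKI, exports the leaf with `-CAfile` only (the shape of the export command above) and again with `-chain`, then counts the certificates in each file; the `example.test` names, the `changeit` password and the helper functions are assumptions.

```shell
#!/bin/sh
# Constructed test PKI (root -> inter -> leaf); names and password are made up.

# mkcert NAME ISSUER EXTFILE: new key plus a certificate signed by ISSUER
# (NAME = ISSUER gives a self-signed root).
mkcert() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1.csr" -subj "/CN=$1.example.test" 2>/dev/null || return 1
    if [ "$1" = "$2" ]; then
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
            -extfile "$3" -out "$1.crt" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
            -CAcreateserial -days 2 -extfile "$3" -out "$1.crt" 2>/dev/null
    fi
}

# Number of certificates stored in a PKCS#12 file.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin pass:changeit 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

build_demo() {
    dir=$(mktemp -d) && cd "$dir" || return 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    mkcert root root ca.ext && mkcert inter root ca.ext &&
        mkcert leaf inter leaf.ext || return 1
    cat inter.crt root.crt > bundle.crt   # plays the role of the CA bundle
    # Export as in the post: -CAfile given, no -chain.
    openssl pkcs12 -export -in leaf.crt -inkey leaf.key -name leaf \
        -CAfile bundle.crt -out nochain.p12 -passout pass:changeit || return 1
    # Same export with -chain, which asks openssl to add the issuer chain.
    openssl pkcs12 -export -in leaf.crt -inkey leaf.key -name leaf \
        -CAfile bundle.crt -chain -out chain.p12 -passout pass:changeit
}

build_demo || exit 1
echo "without -chain: $(p12_cert_count nochain.p12) certificate(s)"
echo "with -chain:    $(p12_cert_count chain.p12) certificate(s)"
```

A count of 1 means a keystore imported from that file can present only the server certificate, which is consistent with the `unable to verify the first certificate` result from `openssl s_client` quoted above.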