verisign certificate into jboss server SSL

Question

i'm trying to enable jboss to uses ssl protocol using a previously generated certificate from verisign, i imported both certificate, server certificate and ca certificate into the keytore file, and i configured the server.xml to use that keystore and activate ssl protocol, then when i run the jboss, I got this error "certificate or key corresponds to the SSL cipher suites which are enabled"

Question, reading some post on internet, i found that every example was made it generating a Certificate Request, it stricly necesary to do that if i already have the server certificate and that CSR has to be imported into the keystore as well ? at this point i'm very confused about this issue, i tried almost every solutions posted in several forums but till now i haven't any luck !! can you give me some tips in order to solve this problem.

thanks in advance

this are my keystore file: Keystore type: jks Keystore provider: SUN

Your keystore contains 2 entries

j2ee, Dec 29, 2009, trustedCertEntry, Certificate fingerprint (MD5): 69:CC:2D:2A:2D:EF:C4:DB:A2:26:35:57:06:29:7D:4C ugent, Dec 29, 2009, trustedCertEntry, Certificate fingerprint (MD5): AC:D8:0E:A2:7B:B7:2C:E7:00:DC:22:72:4A:5F:1E:92

and my server.xml configuration:

I was going to add something but I think your issue is resolved. — Nikolas Sakic, Jun 20 '10 at 06:50
Do you have the server key used to sign the certificate signing request for the certificate? — HampusLi, Aug 13 '11 at 20:18

score 1 · Answer 1 · answered Dec 30 '09 at 01:56

1

Finally i found a solution for this problem, as you said i need to have my private key, server certificate and ca certificate into my keystore, in this post they explains how to import this 3 existing elements (as in my case) into the keystore using a very useful tool called keyman. http://www.jguru.com/faq/view.jsp?EID=532461

cheers,

answered Dec 30 '09 at 01:56

Not only that, but make sure there is a cert chain after the import. – djangofan Mar 20 '12 at 16:58

score 0 · Answer 2 · answered Dec 29 '09 at 21:19

When you generate the certificate request in the store then the public/private keypair is generated in the store. These keys are required for SSL Encryption to work. It sounds to me like these were generated on the other system and not are not in your store.

Usually you can transport certificates and keys around in a file format called pfx but the java keytool stuff doesn't seem to do much with this and as you suggest would like you to generate a new keypair/certificate and then go from there.

It does seem possible however to import a whole keystore into your new keystore so if you have the old machine/keystore this may be a possibility.

http://download.java.net/jdk7/docs/technotes/tools/solaris/keytool.html

verisign certificate into jboss server SSL

2 Answers2