I've followed this thread for importing my GeoTrust Wildcard certificate for my company domain. From GeoTrust I received a private key, a public key and an intermediate certificate all in PEM format. These are all the steps I've made so far:
keytool -genkeypair -alias company -keyalg RSA -keysize 2048 -validity 7360 -keystore cdn.keystore -keypass pass -storepass pass
keytool -import -v -trustcacerts -storepass pass -alias primaryca -keystore cdn.keystore -file public.pem
openssl pkcs12 -export -in public.pem -inkey private.pem -CAfile ca.pem -name company -out keystore.p12
keytool -importkeystore -deststorepass pass -destkeypass pass -destkeystore cdn.keystore -srckeystore keystore.p12 -srcstoretype PKCS12
The third passage asks me to overwrite the company entry inserted in the first passage: if I say no, the browser doesn't recognize the GeoTrust certificate and treats it like a normal self-signed certificate. If I say yes, everything seems to work properly, but if I check my installation with GeoTrust CryptoReport (or another site) it tells me it is missing the intermediate key and it's not trusted.
If I open the site with Chrome or Firefox I don't receive any security warning, but I'm concerned that the previous error could lead to incompatibilities with Microsoft ADFS (I use Spring Security SAML).
Any ideas?