I am trying to install a signed SSL certificate into Glassfish but I failed. Here is the list of steps
1. I used keytool to generate new key pair (alias domain1)
keytool -genkeypair -keyalg RSA -keystore glassfish/domains/domain1/config/keystore.jks -validity 1000 -alias domain1
2. Generate Certificate signing request (out - domain1.csr)
keytool -certreq -alias domain1 -file **domain1.csr** -keystore glassfish/domains/domain1/config/keystore.jks
3. I used OpenSSL to generate my own Root CA certificate
3.1. Generate root CA private key ( out - rootCA.key )
openssl genrsa -out rootCA.key 1024
3.2. Creating certificate signing request (out - rootCA.csr )
openssl req -new -key rootCA.key -out rootCA.csr
3.3. Self-sign rootCA.csr ( out - rootCA.crt )
openssl x509 -req -days 3650 -in rootCA.csr -signkey rootCA.key -out rootCA.crt
4. Sign domain1.csr ( generated from step 2) - ( out - domain1.crt)
openssl x509 -req -days 500 -in domain1.csr -CA rootCA.crt -CAkey rootCA.key -out **domain1.crt** -CAcreateserial
5. I have 2 signed certificates
- rootCA.crt
- domain1.crt
6. I need to install rootCA.crt, domain1.crt into Glassfish v3
6.1. import rootCA.crt into /glassfish/domains/domain1/config/cacerts.jks with alias rootCA ( Successfully)
keytool -import -v -trustcacerts -alias rootCA -file rootCA.crt -keystore cacerts.jks
6.2. import domain1.crt into /glassfish/domains/domain1/config/keystore.jks with alias domain1 ( FAILED)
keytool -import -v -trustcacerts -alias domain1 -file domain1.crt -keystore keystore.jks
At step 6.2. I received the error message:
keytool error: java.lang.Exception: Failed to establish chain from reply
Anyone knows what steps I am missing when I import rootCA.crt and domain1.crt into Glassfish?
Since glassfish keystore.jks only stores Private keys so I am wondering that do I have to import self-signed rootCA.crt into keystore.jks?
Thank you so much!
I think that you are missing CA certificate in the keystore.jks. Try this after the step 6.1: