Friday, October 12, 2007

Using an SSL certificate for IIS under JBoss/Tomcat

If your certificate was requested for IIS, it will likely throw a pop up warning on pages if you install it under JBoss. Although there is a way to fix this.

For different servers, often the CA will use a different chain to sign your SSL cert. The only trick is to explicitly chain these together when building a keystore. This takes a little guesswork, but there are a limited number of intermediate and root certs.

To test out a configuration, it's probably best to add an entry in the local hosts file on the machine, and use a local (or development) server that can be started and stopped quickly.

For example, if it's a go daddy certificate, google for "go daddy root ca". You might get this page:

Download them all for testing.

in my case, these worked:
intermediate: gd_intermediate.crt
root: gd-class2-root.cer

But overall, use the same instructions below as below:

No comments: