The KeyStore portlet functionality in 1.1.1 has been tested.  I have done end-to-end test of importing trusted certificate, importing CA reply, setting up HTTPS with Client Authentication and sample applications.  I did not come across any problems.  If you send the root, intermediate and your personal certificate, I will be able to investigate the problem (if indeed there is one).


On 11/13/06, Bob Dushok <> wrote:
I was expecting an error to appear within the console is something
had gone wrong during the keystore operations.  I just checked the
server logs and found the following errors:

When importing the intermediate certificate (as a trust certificate):
47825: 19:20:15,746 ERROR [ConfirmCertificateHandler] Unable to
import certificate

When importing the CA root certificate (as the trust certificate):
47897: 19:22:23,388 ERROR [FileKeystoreInstance] Unable to import

When attempting to import the CA reply:
47826: 19:20:52,707 ERROR [BaseKeystoreHandler] Error importing CA reply


On Nov 12, 2006, at 7:33 PM, Bob Dushok wrote:

> I'm having difficulty completing the setup of an HTTPS listener.
> I'm following the docs named "Certificate Properties File Realm" at
> "
> +Properties+File+Realm".
> I've created the keystore, generated the private key, and generated
> a CSR without a problem.   I've submitted the CSR to GoDaddy and
> have obtained their reply.
> When I click "Import CA Reply" I copy/paste the data from GoDaddy
> (including the BEGIN CERTIFICATE and END CERTIFICATE lines), but
> Geronimo seems to ignore my entry.  No errors appear.  I'm placed
> back on the keystore config page and the issuer is still listed as
> myself, not GoDaddy (Starfield).
> Any suggestions on how to proceed would be appreciated.
> In addition to their reply, GoDaddy also provides a root and
> intermediate certificate.  I assume the root certificate is what I
> need to add as a trusted certificate, but Geronimo again refuses to
> accept it.  How do I add the intermediate certificate to my config?
> Thanks,
> Bob