The KeyStore portlet functionality in 1.1.1 has been tested. I have done end-to-end test of importing trusted certificate, importing CA reply, setting up HTTPS with Client Authentication and sample applications. I did not come across any problems. If you send the root, intermediate and your personal certificate, I will be able to investigate the problem (if indeed there is one).
I was expecting an error to appear within the console is something
had gone wrong during the keystore operations. I just checked the
server logs and found the following errors:
When importing the intermediate certificate (as a trust certificate):
47825: 19:20:15,746 ERROR [ConfirmCertificateHandler] Unable to
When importing the CA root certificate (as the trust certificate):
47897: 19:22:23,388 ERROR [FileKeystoreInstance] Unable to import
When attempting to import the CA reply:
47826: 19:20:52,707 ERROR [BaseKeystoreHandler] Error importing CA reply
On Nov 12, 2006, at 7:33 PM, Bob Dushok wrote:
> I'm having difficulty completing the setup of an HTTPS listener.
> I'm following the docs named "Certificate Properties File Realm" at
> I've created the keystore, generated the private key, and generated
> a CSR without a problem. I've submitted the CSR to GoDaddy and
> have obtained their reply.
> When I click "Import CA Reply" I copy/paste the data from GoDaddy
> (including the BEGIN CERTIFICATE and END CERTIFICATE lines), but
> Geronimo seems to ignore my entry. No errors appear. I'm placed
> back on the keystore config page and the issuer is still listed as
> myself, not GoDaddy (Starfield).
> Any suggestions on how to proceed would be appreciated.
> In addition to their reply, GoDaddy also provides a root and
> intermediate certificate. I assume the root certificate is what I
> need to add as a trusted certificate, but Geronimo again refuses to
> accept it. How do I add the intermediate certificate to my config?