Mailing-List: contact user-help@geronimo.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@geronimo.apache.org
Received-SPF: pass (herse.apache.org: domain of c1vamsi1c@gmail.com designates
 64.233.182.185 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references;
        b=o2NJYkB5Ayv0nU4hMBzanbfq3QVqgsb1gQwJiKNyPztZspgbie9xUv2N89DVlzD4HsLd0YwrHqmCt2nAqlajAwof5vRJDA1GX5A31qDb7h0G+HAfgEt5oVRhvjTlP2Cthv9yNP2tto2iS12L32+cpOoWIziSL6IeU13n8nRDwQU=
Message-ID: <22d56c4d0611130651p7a86313exa02f948dcc37734d@mail.gmail.com>
Date: Mon, 13 Nov 2006 20:21:29 +0530
From: "Vamsavardhana Reddy" <c1vamsi1c@gmail.com>
To: user@geronimo.apache.org
Subject: Re: Certificate setup - Geronimo 1.1.1
In-Reply-To: <60387EB8-F4E2-4F17-AE0C-9D5B315046FC@mac.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_7939_26119351.1163429489091"
References: <D5A9A2D9-ADC1-441A-A94C-4E4170BBBE99@mac.com>
	 <60387EB8-F4E2-4F17-AE0C-9D5B315046FC@mac.com>

------=_Part_7939_26119351.1163429489091
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Bob,

The KeyStore portlet functionality in 1.1.1 has been tested.  I have done
end-to-end test of importing trusted certificate, importing CA reply,
setting up HTTPS with Client Authentication and sample applications.  I did
not come across any problems.  If you send the root, intermediate and your
personal certificate, I will be able to investigate the problem (if indeed
there is one).

Thanks,
Vamsi

On 11/13/06, Bob Dushok <bdushok@mac.com> wrote:
>
> I was expecting an error to appear within the console is something
> had gone wrong during the keystore operations.  I just checked the
> server logs and found the following errors:
>
> When importing the intermediate certificate (as a trust certificate):
> 47825: 19:20:15,746 ERROR [ConfirmCertificateHandler] Unable to
> import certificate
>
> When importing the CA root certificate (as the trust certificate):
> 47897: 19:22:23,388 ERROR [FileKeystoreInstance] Unable to import
> certificate
>
> When attempting to import the CA reply:
> 47826: 19:20:52,707 ERROR [BaseKeystoreHandler] Error importing CA reply
>
> TIA,
> Bob
>
> On Nov 12, 2006, at 7:33 PM, Bob Dushok wrote:
>
> > I'm having difficulty completing the setup of an HTTPS listener.
> > I'm following the docs named "Certificate Properties File Realm" at
> > "http://cwiki.apache.org/confluence/display/GMOxDOC11/Certificate
> > +Properties+File+Realm".
> >
> > I've created the keystore, generated the private key, and generated
> > a CSR without a problem.   I've submitted the CSR to GoDaddy and
> > have obtained their reply.
> >
> > When I click "Import CA Reply" I copy/paste the data from GoDaddy
> > (including the BEGIN CERTIFICATE and END CERTIFICATE lines), but
> > Geronimo seems to ignore my entry.  No errors appear.  I'm placed
> > back on the keystore config page and the issuer is still listed as
> > myself, not GoDaddy (Starfield).
> >
> > Any suggestions on how to proceed would be appreciated.
> >
> > In addition to their reply, GoDaddy also provides a root and
> > intermediate certificate.  I assume the root certificate is what I
> > need to add as a trusted certificate, but Geronimo again refuses to
> > accept it.  How do I add the intermediate certificate to my config?
> >
> > Thanks,
> > Bob
>
>

------=_Part_7939_26119351.1163429489091
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Bob,<br>
<br>
The KeyStore portlet functionality in 1.1.1 has been tested.&nbsp; I
have done end-to-end test of importing trusted certificate, importing
CA reply, setting up HTTPS with Client Authentication and sample
applications.&nbsp; I did not come across any problems.&nbsp; If you
send the root, intermediate and your personal certificate, I will be
able to investigate the problem (if indeed there is one).<br>
<br>
Thanks,<br>
Vamsi<br><br><div><span class="gmail_quote">On 11/13/06, <b class="gmail_sendername">Bob Dushok</b> &lt;<a href="mailto:bdushok@mac.com">bdushok@mac.com</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I was expecting an error to appear within the console is something<br>had gone wrong during the keystore operations.&nbsp;&nbsp;I just checked the<br>server logs and found the following errors:<br><br>When importing the intermediate certificate (as a trust certificate):
<br>47825: 19:20:15,746 ERROR [ConfirmCertificateHandler] Unable to<br>import certificate<br><br>When importing the CA root certificate (as the trust certificate):<br>47897: 19:22:23,388 ERROR [FileKeystoreInstance] Unable to import
<br>certificate<br><br>When attempting to import the CA reply:<br>47826: 19:20:52,707 ERROR [BaseKeystoreHandler] Error importing CA reply<br><br>TIA,<br>Bob<br><br>On Nov 12, 2006, at 7:33 PM, Bob Dushok wrote:<br><br>&gt; I'm having difficulty completing the setup of an HTTPS listener.
<br>&gt; I'm following the docs named &quot;Certificate Properties File Realm&quot; at<br>&gt; &quot;<a href="http://cwiki.apache.org/confluence/display/GMOxDOC11/Certificate">http://cwiki.apache.org/confluence/display/GMOxDOC11/Certificate
</a><br>&gt; +Properties+File+Realm&quot;.<br>&gt;<br>&gt; I've created the keystore, generated the private key, and generated<br>&gt; a CSR without a problem.&nbsp;&nbsp; I've submitted the CSR to GoDaddy and<br>&gt; have obtained their reply.
<br>&gt;<br>&gt; When I click &quot;Import CA Reply&quot; I copy/paste the data from GoDaddy<br>&gt; (including the BEGIN CERTIFICATE and END CERTIFICATE lines), but<br>&gt; Geronimo seems to ignore my entry.&nbsp;&nbsp;No errors appear.&nbsp;&nbsp;I'm placed
<br>&gt; back on the keystore config page and the issuer is still listed as<br>&gt; myself, not GoDaddy (Starfield).<br>&gt;<br>&gt; Any suggestions on how to proceed would be appreciated.<br>&gt;<br>&gt; In addition to their reply, GoDaddy also provides a root and
<br>&gt; intermediate certificate.&nbsp;&nbsp;I assume the root certificate is what I<br>&gt; need to add as a trusted certificate, but Geronimo again refuses to<br>&gt; accept it.&nbsp;&nbsp;How do I add the intermediate certificate to my config?
<br>&gt;<br>&gt; Thanks,<br>&gt; Bob<br><br></blockquote></div><br>

------=_Part_7939_26119351.1163429489091--