I've generated an SSL certificate with keytool:

keytool -keystore keystore -alias mySite -genkey -keyalg RSA -keysize 2048

I got this configured and working fine, but obviously it wasn't signed by a trusted CA, so I generated a CSR:

keytool -certreq -alias mySite -keystore keystore -file mySite.csr

GoDaddy gave me two certificates back, which I imported into my keystore:

keytool -keystore keystore -import -alias mySite.com -file mySite.com.crt
keytool -keystore keystore -import -alias gd_bundle -file gd_bundle.crt

I thought this would be sufficient, but I am still getting an untrusted certificate warning when I hit my app through the browser. Am I missing a step? My app is running on Jetty, and the only configuration I've provided is the keystore and the key-password.

I am getting the following exception:

javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
dbyrne

1 Answer

After messing around with this for a couple hours, I was able to find a solution. I ended up using openssl instead of keytool:

openssl genrsa -des3 -out mysite.key 2048
openssl req -new -key mysite.key -out mysite.csr

Submit the CSR, and once you get issued a cert:

openssl pkcs12 -export -chain -CAfile gd_bundle.crt -in mysite.com.crt -inkey mysite.key -out mysite.pkcs12
java -classpath jetty-util-6.1.26.jar:jetty-6.1.26.jar org.mortbay.jetty.security.PKCS12Import mysite.pkcs12 keystore

Hope others find this useful!

dbyrne
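
A way to check the PKCS#12 file produced by the openssl pkcs12 -export -chain step in the answer before it is converted for Jetty, as an added example that is not part of the original post. It builds a throwaway CA and certificate (all subjects, file names and the password are constructed), exports once with and once without -chain, and checks that a bundle holds the private key, the matching certificate and the CA chain.

```shell
#!/bin/sh
# Added example. Subjects, file names and the password "changeit" are constructed test values.

# check_bundle P12 PASSWORD CAFILE
# returns 0 = usable, 2 = chain missing, 3 = key does not match leaf, 4 = leaf not issued by CAFILE
check_bundle() {
  p12=$1; pw="pass:$2"; ca=$3
  # A bundle holding only the leaf cannot supply the CA certificates to clients.
  n=$(openssl pkcs12 -in "$p12" -passin "$pw" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE' || true)
  [ "$n" -ge 2 ] || return 2
  # The private key must belong to the leaf certificate: compare the two public keys.
  leafpub=$(openssl pkcs12 -in "$p12" -passin "$pw" -clcerts -nokeys 2>/dev/null |
    openssl x509 -noout -pubkey 2>/dev/null)
  keypub=$(openssl pkcs12 -in "$p12" -passin "$pw" -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout 2>/dev/null)
  [ -n "$leafpub" ] && [ "$leafpub" = "$keypub" ] || return 3
  # The leaf must verify against the CA file that was passed to -CAfile.
  openssl pkcs12 -in "$p12" -passin "$pw" -clcerts -nokeys 2>/dev/null |
    openssl verify -CAfile "$ca" >/dev/null 2>&1 || return 4
}

# make_demo DIR: create a throwaway CA and leaf in DIR, then export with and without -chain.
make_demo() (
  cd "$1" || exit 1
  # Minimal config so the test CA carries basicConstraints CA:TRUE on any OpenSSL build.
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > t.cnf &&
  openssl req -x509 -config t.cnf -newkey rsa:2048 -nodes -keyout ca.key \
    -subj '/CN=Constructed Test CA' -days 1 -out ca.crt 2>/dev/null &&
  openssl req -new -config t.cnf -newkey rsa:2048 -nodes -keyout leaf.key \
    -subj '/CN=mysite.example' -out leaf.csr 2>/dev/null &&
  openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 1 -out leaf.crt 2>/dev/null &&
  # Same shape as the export command in the answer, with the test CA as the bundle file.
  openssl pkcs12 -export -chain -CAfile ca.crt -in leaf.crt -inkey leaf.key \
    -passout pass:changeit -out chain.p12 &&
  # Export without -chain: key and leaf only.
  openssl pkcs12 -export -in leaf.crt -inkey leaf.key \
    -passout pass:changeit -out nochain.p12
)

# Demo run on the constructed files.
tmp=$(mktemp -d) && make_demo "$tmp" &&
  for f in chain.p12 nochain.p12; do
    rc=0; check_bundle "$tmp/$f" changeit "$tmp/ca.crt" || rc=$?
    echo "$f: check_bundle returned $rc"
  done
```
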