Having issues using existing Entrust certificates for Jetty SSL connection
<p>I have three files from Entrust: *.csr, *.key and *.crt.</p>
<p>So far:</p>
<ol>
<li>I have brought the *.key and *.crt into a PKCS12 keystore using OpenSSL</li>
<li>I have imported the *.pkcs12 into a keystore using keytool</li>
<li>Using this technique, I am able to use an SSL connection with Jetty</li>
</ol>
<p>However, I'm getting a Certificate Error in IE (unsecured items in Chrome).</p>
<p>In our case, the certificates are currently being used for domain:80 (Apache) and I'm attempting to "reuse" them for domain:8443 (Jetty).</p>
<p>Am I wrong in thinking that I can use these for Jetty as well? On the same IP/domain, but on a different port and webserver? My gut is telling me that one of these files relates to Entrust recognizing Apache (*.csr) and that I should have to do the same for Jetty?</p>
<p><strong>Edit #1</strong></p>
<p>The error is as follows:</p>
<pre><code>Certificate Error Untrusted Certificate The security certificate presented by this webiste was not issued by a trusted certificate authority This problem may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage. </code></pre>
<p>And yet Chrome sees it as valid. It does have to work on IE since it's our standard.</p>
<p><strong>Edit #2</strong></p>
<ol>
<li>Chrome doesn't complain</li>
<li>Nor does Firefox</li>
</ol>
<p><strong>Edit #3</strong></p>
<p>I found our CA certificate specified in the Apache conf file. I then proceeded to concatenate our cert with the CA cert into a PKCS12 file. Then, using keytool, I generated the keystore.</p>
<p>I loaded it on the server, rebooted and viewed in IE. IE still shows a certificate issue.</p>
<p>In the concatenated file, I see in this order: our cert and then 2 other certificates.</p>
<p>On a side note, I called Entrust and the CSR saw no problems as he was using IE 8. We're on IE7.</p>
<p><strong>Edit #4</strong></p>
<p>Using this command:</p>
<pre><code>keytool -list -keystore keystore -v </code></pre>
<p>It shows 3 certificates (in this order):</p>
<ol>
<li>Ours</li>
<li>Owner: CN=Entrust Certification Authority - L1C,</li>
<li>Owner: CN=Entrust.net Certification Authority (2048)</li>
</ol>
<p><strong>Edit #5</strong></p>
<p>Solved! I guess I had a caching issue. Confirmed with colleagues.</p>
<p>Answer: concatenating all my certs, including the CA cert, into the keystore solved my issue.</p>
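The fix the post arrives at, a keystore that carries the full chain, as an added example that is not part of the original post: `build_keystore` is one way to produce such a keystore, and `chain_status` reads `keytool -list -v` output and reports whether the chain is complete. The file names, the `jetty` alias and the sample output are constructed, and a single key entry in the keystore is assumed.

```shell
# Added example; key/cert file names, the "jetty" alias and the sample
# keytool output are constructed. Assumes one key entry in the keystore.

# Bundle the key, the server certificate and the CA chain into PKCS12,
# then convert to a Java keystore (both tools prompt for passwords).
build_keystore() {  # usage: build_keystore domain.key domain.crt ca-chain.pem keystore
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name jetty -out "$4.p12" &&
    keytool -importkeystore -srckeystore "$4.p12" -srcstoretype PKCS12 \
        -destkeystore "$4"
}

# Read `keytool -list -v` output on stdin and print one of:
#   complete          chain links up and ends in a self-signed certificate
#   needs <issuer>    chain links up, but the client must already hold <issuer>
#   broken at <n>     certificate n was not issued by certificate n+1
chain_status() {
    awk '
        /^Owner: /  { owner[++n] = substr($0, 8) }
        /^Issuer: / { issuer[n] = substr($0, 9) }
        END {
            for (i = 1; i < n; i++)
                if (issuer[i] != owner[i + 1]) { print "broken at " i; exit }
            if (n == 0) print "no certificates"
            else if (issuer[n] == owner[n]) print "complete"
            else print "needs " issuer[n]
        }'
}

# Constructed, trimmed keytool output: server certificate only, then full chain.
LEAF_ONLY='Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.test
Issuer: CN=Example Issuing CA'

FULL_CHAIN='Certificate chain length: 3
Certificate[1]:
Owner: CN=www.example.test
Issuer: CN=Example Issuing CA
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA'

printf '%s\n' "$LEAF_ONLY"  | chain_status   # needs CN=Example Issuing CA
printf '%s\n' "$FULL_CHAIN" | chain_status   # complete
```

A `needs` result means the server relies on every client already holding that issuer's certificate, so clients with different certificate stores can disagree about the same site.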
 
