Instead of using a self-signed certificate with glassfish (see Creating new SSL keys with keytool for glassfish) - we want to use one that is signed by a certificate authority.
Based on http://blogs.sun.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2
I needed to generate a new certificate for glassfish's admin pages.
Instead of using the normal OpenSSL self-signed certificate it was easier just to use the java keystore keytool:
keytool -genkey -keyalg RSA -alias <alias_referred_to_in_glassfish> -keystore glassfish/domains/domain1/config/keystore.jks -storepass changeit
Note the -keyalg RSA - keytool by default uses DSA and firefox 3.0 will not accept this even with an added security exception.
UPDATE - progress - see end of article
I have an openssl self-signed certificate for some websites. These are based on an openssl RSA key. I can use them successfully as client keys - but - it seems that glassfish (perhaps all others - I don't know) needs the key in the keystore as well as the certificate.
I use a plugin to Aperture to send mail to gmail. It was failing due to a
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
There are several reasons you may need to add a self-signed https ssl certificate to your local java keystore.
For me - it's so that maven can access DAV shares for repository deployment.