Instead of using a self-signed certificate with glassfish (see Creating new SSL keys with keytool for glassfish), we want to use one that is signed by a certificate authority.
Based on http://blogs.sun.com/enterprisetechtips/entry/using_ssl_with_glassfish_v2
I've been using self-signed certificates for a while, but that means getting the users to approve them each time they change. Instead, let's generate a Certificate Authority (CA) certificate with a reasonably long life, get them to install that, and then new certificates signed with that will be valid for them.
UPDATE - progress - see end of article
I have an openssl self-signed certificate for some websites. These are based on an openssl RSA key. I can use them successfully as client keys, but it seems that glassfish (perhaps all others - I don't know) needs the key in the keystore as well as the certificate.
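The CA-then-sign approach described above, together with the key-plus-certificate bundle the keystore needs, sketched with the openssl command line as an added example (not the author's own commands). The host name, subject names, lifetimes, file names and the `P12_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example: private CA -> CA-signed server cert -> PKCS#12 with key + cert.
# Host name, subject names, lifetimes and file names are constructed placeholders.

make_ca_signed_bundle() (          # subshell body: cd/umask do not leak out
    dir=$1 host=$2
    umask 077                      # private keys readable by the owner only
    mkdir -p "$dir" && cd "$dir" || exit 1
    cat > openssl.cnf <<EOF || exit 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. Long-lived CA certificate: the only thing users install and trust.
    openssl genrsa -out ca.key 2048 &&
    openssl req -x509 -new -config openssl.cnf -extensions v3_ca \
        -key ca.key -sha256 -days 3650 -out ca.crt &&
    # 2. Server key and CSR, then a shorter-lived certificate signed by the CA.
    openssl genrsa -out server.key 2048 &&
    openssl req -new -config openssl.cnf -subj "/CN=$host" \
        -key server.key -out server.csr &&
    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 365 -extfile openssl.cnf -extensions v3_server \
        -out server.crt &&
    openssl verify -CAfile ca.crt server.crt >/dev/null &&
    # 3. Key, certificate and CA chain in one PKCS#12 file; the password is
    #    read from the P12_PASS environment variable, not from argv.
    openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca.crt \
        -name server-cert -passout env:P12_PASS -out server.p12
)

# Succeeds only if the private key inside the bundle matches the certificate.
bundle_has_matching_key() {
    key_pub=$(openssl pkcs12 -in "$1/server.p12" -passin env:P12_PASS \
        -nodes -nocerts 2>/dev/null | openssl pkey -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}
```

Export `P12_PASS` before calling either function. The resulting `server.p12` holds both the private key and the signed certificate, so it can be loaded into a Java keystore with `keytool -importkeystore -srcstoretype PKCS12`, and `ca.key` should be kept off the server.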