0 Replies Latest reply: Apr 26, 2013 9:42 AM by 1005770 RSS

    Java Keystore,Private Key,Certificate,Intermediate and Root CA Certificates


      I have generated the private key and Certificate Signing Request (CSR) using openssl, and received back the certificate, intermediate certificate and root certificate from the CA.

      The private Key has no password so i do not have to be available when the apache restarts etc.

      In reading the jboss documentation, it states that the Private Key and keystore password MUST be the same :


      About 1/10th down the page.

      Is this correct ?.

      I have implemented a new keystore with the private key and certificates, intermediate and root, using the keytool command and still i get a browser reporting an issue with the site certificate.

      I have tried adding the certificates (site, intermediate, root) in all manner of combinations, and added them to the cacerts too, and still obtaining the same problem.

      When i tried to add to the specified keystore for jboss where i had previously added to cacerts, it stated that the root was already in the system-wide keystore.

      So are there multiple issues :

      1. Password for private key must be the same as the keystore ?
      2. The java system checks cacerts first before the defined keystore ?
      3. Is there a specific order required for adding certificates ?
      4. Should certificates be added to cacerts for intermediate and root, and only site certificate in jboss defined keystore ?
      5. I received divide by zero error when adding the private key since it has no password, hence can only private keys with password be used for java keystores ?

      Any guidance gratefully received.

      Thanks and regards,


      Edited by: 1002767 on 26-Apr-2013 07:42