Problem with GF and SSL: IE accepts certificate but Firefox doesn't

I don't get an exception. I get the popup message in Firefox: "Website Certified by an Unknown Authority".
As I posted, in IE I don't get this popup. Attached are screen shots of the certification path in IE and Firefox. As you can see, In Firefox my domain (secure.abmaps.com) is in the top level (there are no Verisign intermediate certificates in the path).
I couldn't find any specific instructions in the Verisign web site on how to install the intermediate certificate in glassfish.

For a BEA Webolgic server I saw that the command is:
C:\bea\jdk\bin\ keytool -import -alias rootca -keystore <your_keystore_filename> -trustcacerts -file intermediateCA.cer

Should I run the same command in glassfish?
What alias value should I give for the intermediate certificate?
Can you please post the keytool command for importing the Verisign intermediate certificate into glassfish.

Thanks,
Asaf
[Message sent by forum member 'asafb' (asafb)]

http://forums.java.net/jive/thread.jspa?messageID=282156

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...

You can run the same keytool command in GlassFish as well. The alias does not matter, it just has to be unique.

keytool -import -alias rootca -keystore <GF_HOME>/domains/domain1/config/cacerts.jks -trustcacerts -file intermediateCA.cer

Thanks.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=282199

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...

Hello Kumar,

I ran the [keytool -import....] command to install the Verisign intermediate certificate in cacerts.jks. and then ran the [keytool -list -v -keystore cacerts.jks] command and saw that the intermediate certificate was installed in cacerts.jks. After that I ran the java program (the fixed version...) to replace the certificate in keystore.jks Still, this did not fix the problem in Firefox (when I list the certificates in keystore.jks I still see: Certificate chain length: 1)...

I read Stephan's previous post on how he was able to finally make it work by not deleting the "s1as" default self-signed certificate and creating a certificate with a different alias and then running the [keytool -import...] command instead of the java program. However in order to try the same solution I need to start the complete process all over again and request a new certificate from Verisign with the new alias (instead of "s1as").
Isn't there a more simple solution ?
There is no guaranty that if I ask for a new certificate from Verisign it will work....

Thanks,
Asaf
[Message sent by forum member 'asafb' (asafb)]

http://forums.java.net/jive/thread.jspa?messageID=283193

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...

If the cert you recieved from Verisign had a chain then i am sure after running the fixed java code, that you would see the chain in your keystore entry. If it is not confidential you can send me the stuff (vbkumar.jayanti@...) and i can take a look.

Thanks.
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=283260

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...