SSL Certificate Works in Monit - But Not in Keystore
Posted
by
Bart Silverstrim
on Pro Webmasters
See other posts from Pro Webmasters
or by Bart Silverstrim
Published on 2012-03-13T02:39:24Z
Indexed on
2012/03/21
17:39 UTC
Read the original article
Hit count: 378
I have a situation where there's a keystore file with the various root/intermediate certificates stored in it in a way that it seems to work for most browsers.
Problem is that when mobile browsers hit it, there's a break in the chain and they complain.
I used an SSL checker at http://www.sslshopper.com/ssl-checker.html and it states that "The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate." So...the desktop browsers must have the intermediate certs already and can make the chain connections, I'm assuming, while the mobile browsers can't.
The thing is that I had used Portecle to export certificates from the keystore and cobble them together to create a .PEM certificate to run the Monit utility. When I check that application with the SSL checker, it works fine!
The person that originally created the keystore said he couldn't follow the SSL provider's directions for creating the keystore because he created the CSR request using openssl, so the cert and private key had to be converted to DER format and use importkey to get it to work; following the directions he found online had importkey seem to use only a set keystore file as a result, and it would erase anything already in the file if it existed.
So is there a way to take the certificate I created for Monit and create a working keystore for the Tomcat website?
What would be causing the chain to be broken in the current keystore, but work for Monit?
I have the SSL cert provider's intermediate and cross certificates, and the website's certificate, but is what else would I need to create a working chain of certs for a keystore?
© Pro Webmasters or respective owner