Re: [jetty-users] Website works but SSL Labs is reporting vulnerabilities

I'm looking at the new keystore I created with all of the CA certs included. Three of those; three website certs; keytool -list says I have six certs whether or not I use -v.



On 4/22/2016 11:31 AM, Simone Bordet wrote:
Hi,

On Fri, Apr 22, 2016 at 8:07 PM, Steve Sobol - Lobos Studios
<steve@xxxxxxxxxxxxxxxx> wrote:
Well yeah, that's the thing, I do have them. With Apache I just have them
bundled in a single file and I use the SSLCertificateChainFile directive (I
believe) to point to them. I tried putting the CA certs in the truststore.
Didn't work. Tried putting them in the keystore with the website certs.
Didn't work.

So, I'm a little lost. :(

Truststores are only useful when you receive a certificate and you want
to verify that it is trustable. Typically clients use them (e.g. the
server sends a self-signed certificate).

I think we have the same (or a very similar) setup for Webtide's website.

If I do:

keytool -list -keystore keystore

it prints:

Your keystore contains 4 entries (fingerprints removed):

comodo_ca, Jan 15, 2016, trustedCertEntry,
addtrust_ca_root, Jan 15, 2016, trustedCertEntry,
server, Jan 15, 2016, PrivateKeyEntry,
comodo_domain_ca, Jan 15, 2016, trustedCertEntry,

If I do:

keytool -list -v -keystore keystore

it prints a lot more. The important thing is that the "server" alias
(in our case, or the alias that has the private key) has attached 4
certificates.
In our case I see:

Alias name: server
Creation date: Jan 15, 2016
Entry type: PrivateKeyEntry
Certificate chain length: 4
Certificate[1]:
...
Certificate[2]:
...
Certificate[3]:
...
Certificate[4]:
...

These entries should match the other entries you have in the keystore.

If you don't have "Certificate chain length: 4" (or whatever length
you have), but you have only length=1, then you have imported the
certificate into the keystore in the wrong way.

Let us know.


-- 
Lobos Studios | Phone: 877.919.4WEB | LobosStudios.com | Facebook.com/LobosStudios | @LobosStudios
Web Development - Mobile Development - Helpdesk/Tech Support - Computer Sales & Service
Acer Authorized Reseller - Computers, Windows and Android Tablets, Accessories

Steve Sobol - CEO, Senior Developer and Server Jockey
steve@xxxxxxxxxxxxxxxx
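
Added example, not part of the original thread: a check for the condition Simone describes, reading `keytool -list -v` output and flagging any PrivateKeyEntry whose certificate chain holds only the leaf. The function names and the sample listing are constructed for illustration; it assumes English-locale keytool output and a CA-issued certificate (a self-signed one legitimately has chain length 1).

```shell
#!/usr/bin/env bash
# Reads `keytool -list -v` text (English locale) on stdin and prints
# "<alias> <chain length> OK|INCOMPLETE" for every PrivateKeyEntry.
# Exit status is 1 if any private-key entry carries only its leaf certificate
# (chain length < 2) or if no PrivateKeyEntry is present at all.
check_chain_lengths() {
  awk '
    /^Alias name: / { alias = substr($0, 13); type = "" }
    /^Entry type: / { type = substr($0, 13) }
    /^Certificate chain length: / && type == "PrivateKeyEntry" {
      n = $4 + 0
      found = 1
      if (n < 2) bad = 1
      print alias, n, (n < 2 ? "INCOMPLETE" : "OK")
    }
    END { exit ((bad || !found) ? 1 : 0) }
  '
}

# Constructed sample in the shape of the listing quoted in the thread;
# $1 sets the chain length reported for the "server" alias.
sample_listing() {
  cat <<EOF
Keystore type: JKS

Alias name: comodo_ca
Creation date: Jan 15, 2016
Entry type: trustedCertEntry

Alias name: server
Creation date: Jan 15, 2016
Entry type: PrivateKeyEntry
Certificate chain length: $1
Certificate[1]:
EOF
}

# Real use: keytool -list -v -keystore keystore | check_chain_lengths
sample_listing 4 | check_chain_lengths || echo "chain incomplete"
sample_listing 1 | check_chain_lengths || echo "server: intermediates not attached to the key entry"
```

Separate trustedCertEntry aliases for the CA certificates do not affect the result: only the chain attached to the private-key alias is counted, which is the length Simone's reply says to check.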
