2 Replies Latest reply on Jul 2, 2012 12:52 PM by mars58

    Multiple Certificates One Keystore Problem

    mars58

      Hello,

       

      I have configured AS 7.1.1 to use SSL.  I have imported 2 Go Daddy certs for two separate domains aliases into my keystore.  It seems when I hit the server JBoss servs up the first cert it finds in the keystore.  If I am coming from the domain where the alias is first in my keystore it works fine.  If I am coming from the second cert domain in my keystore, it fails with invalid certificate, showing only the first cert in my keystore in the browser warning. 

       

      I found something on the web that said, JBoss 7 only matches the first alias, this seems to be what is happening.  Is this true?  If so how can I get JBoss to work with both certificates in a single keystore.

       

      Thanks in advance,

        Rob

        • 1. Re: Multiple Certificates One Keystore Problem
          ctomc

          Hi,

           

          can you paste your web subsystem configuration (without passwords ofcourse)

           

          --

          tomaz

          • 2. Re: Multiple Certificates One Keystore Problem
            mars58
                <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
                    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
                    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                        <ssl name="ssl" password="xxxxxx" certificate-key-file="/opt/jboss-as-7.1.1.Final/standalone/configuration/euroapp01.jks" protocol="RSA" verify-client="false" ca-certificate-file="/opt/jboss-as-7.1.1.Final/standalone/configuration/cacerts.jks"/>
                    </connector>
                    <virtual-server name="default-host" enable-welcome-root="true">
                        <alias name="localhost"/>
                        <alias name="example.com"/>
                        <alias name="diagapp01.erdiscovery.com"/>
                    </virtual-server>
                </subsystem>