2 Replies Latest reply: Jul 2, 2012 12:52 PM by Rob Mars RSS

Multiple Certificates One Keystore Problem

Rob Mars Newbie

Hello,

 

I have configured AS 7.1.1 to use SSL.  I have imported 2 Go Daddy certs for two separate domains aliases into my keystore.  It seems when I hit the server JBoss servs up the first cert it finds in the keystore.  If I am coming from the domain where the alias is first in my keystore it works fine.  If I am coming from the second cert domain in my keystore, it fails with invalid certificate, showing only the first cert in my keystore in the browser warning. 

 

I found something on the web that said, JBoss 7 only matches the first alias, this seems to be what is happening.  Is this true?  If so how can I get JBoss to work with both certificates in a single keystore.

 

Thanks in advance,

  Rob

  • 1. Re: Multiple Certificates One Keystore Problem
    Tomaz Cerar Master

    Hi,

     

    can you paste your web subsystem configuration (without passwords ofcourse)

     

    --

    tomaz

  • 2. Re: Multiple Certificates One Keystore Problem
    Rob Mars Newbie
        <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
            <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
                <ssl name="ssl" password="xxxxxx" certificate-key-file="/opt/jboss-as-7.1.1.Final/standalone/configuration/euroapp01.jks" protocol="RSA" verify-client="false" ca-certificate-file="/opt/jboss-as-7.1.1.Final/standalone/configuration/cacerts.jks"/>
            </connector>
            <virtual-server name="default-host" enable-welcome-root="true">
                <alias name="localhost"/>
                <alias name="example.com"/>
                <alias name="diagapp01.erdiscovery.com"/>
            </virtual-server>
        </subsystem>