I've generated an SSL certificate with keytool:
keytool -keystore keystore -alias mySite -genkey -keyalg RSA -keysize 2048
I got this configured and working fine, but obviously it wasn't signed by a trusted CA, so I generated a CSR:
keytool -certreq -alias mySite -keystore keystore -file mySite.csr
GoDaddy gave me two certificates back, which I imported into my keystore:
keytool -keystore keystore -import -alias mySite.com -file mySite.com.crt
keytool -keystore keystore -import -alias gd_bundle -file gd_bundle.crt
I thought this would be sufficient, but I am still getting an untrusted certificate warning when I hit my app through the browser. Am I missing a step? My app is running on Jetty, and the only configuration I've provided is the keystore and the key-password.
I am getting the following exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
After messing around with this for a couple hours, I was able to find a solution. I ended up using
openssl
instead ofkeytool
:Submit the CSR, and once you get issued a cert:
Hope others find this useful!