I was tasked with setting up SSL on a server. This server uses WildFly, so I have to make a keystore that contains all of the certificates that I got: the server certificate, the intermediate and the key file.
First I chained up the server cert and the intermediate cert, and then I used openssl to create a pkcs12 file. I then used keytool to create a keystore from that pkcs12 file.
The problem is that when I open the keystore file or the pkcs12 file, I find that it doesn't contain the intermediate cert; it only has the server cert. I've done this procedure before and it worked.
Does anyone know what the problem can be?
Extra info: the intermediate certificate is a little old (from 2010), uses sha1 and will expire in 9 months, which is weird, unlike my server cert, which is new and uses sha256.
Apparently your problem could be a wrong intermediate certificate.
To ensure that you have the correct intermediate certificate, run the following command for the server certificate:
Then open the URL found by grep:
Convert the downloaded certificate into PEM format:
Now you know for sure that intermediate.pem is the correct intermediate certificate for your server certificate.
Assume there is only one intermediate certificate in the chain. If there are more, you would need to repeat the commands above for intermediate.pem to get intermediate2.pem, and so on.
Run the commands below to create the JKS store.
Create certificate bundle:
Create pfx/pkcs12 format bundle:
Create JKS keystore:
Check keystore:
You should see the following listed:
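An added example, not the original answer's commands: a shell sketch of the checks described above, confirming that the intermediate really issued the server certificate before bundling, and counting the certificates that end up in the PKCS#12 file. The function names, file names, alias and password handling are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. File names, alias and passwords are placeholders (assumptions).

# ca_issuers_url CERT: print the "CA Issuers" URL from the certificate's
# Authority Information Access extension (where the issuer cert is published).
ca_issuers_url() {
    openssl x509 -in "$1" -noout -text | sed -n 's/.*CA Issuers - URI://p'
}

# issued_by CERT ISSUER: succeed only if ISSUER's key really signed CERT.
# -partial_chain lets the intermediate act as trust anchor without its root.
issued_by() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# make_p12 KEY CERT INTERMEDIATE OUT PASS ALIAS
# Refuses to build the bundle when the intermediate is not the issuer.
# "pass:" shows the password in the process list; openssl also accepts
# env:VAR and file:PATH.
make_p12() {
    issued_by "$2" "$3" || { echo "$3 did not issue $2" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -name "$6" -out "$4" -passout "pass:$5"
}

# p12_cert_count FILE PASS: number of certificates inside the PKCS#12 file.
# 1 means only the server certificate made it in; 2 means the chain did too.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

# p12_to_jks P12 PASS JKS: convert with keytool, then print the chain length
# keytool reports for the imported key entry.
p12_to_jks() {
    keytool -importkeystore -noprompt -srckeystore "$1" -srcstoretype PKCS12 \
        -srcstorepass "$2" -destkeystore "$3" -deststoretype JKS \
        -deststorepass "$2" &&
    keytool -list -v -keystore "$3" -storepass "$2" |
        grep 'Certificate chain length'
}

# Usage: script KEY CERT INTERMEDIATE OUT.p12 PASS ALIAS
if [ "$#" -eq 6 ]; then
    make_p12 "$@" && p12_cert_count "$4" "$5"
fi
```

A count of 1 from p12_cert_count reproduces the symptom in the question: the bundle holds only the server certificate.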