Java Certificate Chain

Questions, answers, tips and ideas on Servoy Client

Java Certificate Chain

Postby Bernd.N » Thu Jun 18, 2020 12:15 pm

Our keystore has four certificates in a chain, from which two were expired.
I managed now to add two new certificates (ROOT and INTERMEDIATE), and they show both green now (see screenshots).

Was it correct to also delete the two old certificates (which have the red dot in the E column in the second screenshot), or do they have to stay in the keystore file?
I deleted them.

CodeSigner at least states "Chain verification: OK".
Attachments
new certificate chaine.jpg
new certificate chaine.jpg (60.24 KiB) Viewed 2118 times
certificate chaine.jpg
certificate chaine.jpg (67.92 KiB) Viewed 2118 times
Bernd Korthaus
LinkedIn
Servoy 7.4.9 SC postgreSQL 9.4.11 Windows 10 Pro
User avatar
Bernd.N
 
Posts: 544
Joined: Mon Oct 21, 2013 5:57 pm
Location: Langenhorn, North Friesland, Germany

Re: Java Certificate Chain

Postby sbutler » Tue Jun 23, 2020 9:23 pm

Mine looked a bit different than yours. I had just 1 entry shown in Keystore Explorer, and I was able to modify the chain to get it working. Maybe this helps.
what I did to get ours working....
- Download their AAA backward compatible certs
- When inspecting the certificate, I see there are 4 certs in the chain. The top 2 were expired.
- I right clicked on the certificate and chose Edit Certificate Chain->Remove certificate. I did that twice, and that removed the top 2.
- Then right click on the certificate again, and choose Edit Certificate Chain->Append certificate. I kept doing that trying all the the AAA certs until 2 of them got in.
- Then when inspecting the cert, i saw there were again 4 certs in the chain, but now they were all valid and not expired.

Of course, before doing all of this, make sure you have a backup of your keystore in case you hose things.

Sounds like you did something similar. The key is to right click on your certificate (the one with the golden colored key icon on the left) and inspect it to make sure its chain is valid.
Scott Butler
iTech Professionals, Inc.
SAN Partner

Servoy Consulting & Development
Servoy University- Training Videos
Servoy Components- Plugins, Beans, and Web Components
Servoy Guy- Tips & Resources
ServoyForge- Open Source Components
User avatar
sbutler
Servoy Expert
 
Posts: 759
Joined: Sun Jan 08, 2006 7:15 am
Location: Cincinnati, OH


Return to Servoy Client

Who is online

Users browsing this forum: No registered users and 7 guests