D3 and mvBase

  • 1.  CA-supplied Certificates for HTTPS

    ROCKETEER
    Posted 08-18-2021 14:19
    Anybody out there have any experience with getting certificates from GoDaddy to use with the MVS Toolkit or other applications using a Java Keystore?

    ------------------------------
    Brian S. Cram
    Principal Technical Support Engineer
    Rocket Software
    ------------------------------


  • 2.  RE: CA-supplied Certificates for HTTPS

    PARTNER
    Posted 08-19-2021 20:04
    G'day Brian,

    Darrell has solved this problem for us and he will be in touch with you shortly.

    Alex
    -- Alex Polglaze The Book-Keeping Network (08) 9349 9189 +61 419 776 348 apolglaze@book-keepingnetwork.com.au https://www.book-keepingnetwork.com.au




  • 3.  RE: CA-supplied Certificates for HTTPS

    ROCKETEER
    Posted 08-19-2021 20:11
    Actually, so have we. I have a very detailed document that I've created and was looking to compare my solution against someone else's before posting mine. I look forward to looking at Darrell's solution. Thanks, Alex.

    ------------------------------
    Brian S. Cram
    Principal Technical Support Engineer
    Rocket Software
    ------------------------------



  • 4.  RE: CA-supplied Certificates for HTTPS

    Posted 08-19-2021 21:20
    The Java Keystore is really finicky about getting the certificates in the right order. Can derail the whole thing. The best way is to visualise it using something like KeyStore Explorer (keystore-explorer.org) so you can see what's going on. It should be a hierarchical structure from the root CA certificate, through any intermediaries to the server/wildcard certificate.

    Some other things I've found that are useful:
    1) Work with the certificate chain as text files/PEM files. Cutting and pasting them in the right order makes it easier to get the certificate chain right.
    2) Use the script to create the MVS file and then edit it using KeyStore Explorer (to import).
    3) Don't create the CSR to send to GoDaddy from IIS. Create it from OpenSSL first (and then import to IIS). Otherwise, it's a nightmare/impossible to get the certificate key to use in the Keystore.

    Of course, it could be that the encryption key is wrong. Spent too long sorting out the chain only to find it's a misspelling :(

    ------------------------------
    Darrell Horrocks
    Rocket Forum Shared Account
    ------------------------------
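
    Added example, not part of the thread or of the attached document: a Python sketch that takes PEM certificates pasted into one file in any order and returns them server certificate first, then intermediates, then root, by matching each issuer name to the next subject. The function names are this example's own; it assumes issuer and subject names are byte-identical where they chain and it does not verify signatures.

```python
import base64, re, sys, textwrap

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def split_pem(text):
    """Return the DER bytes of every certificate in a PEM bundle, in file order."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(text)]

def tlv(buf, pos):
    """Read one DER element header at pos; return (tag, content_start, element_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + first

def issuer_subject(der):
    """Return the raw DER-encoded issuer and subject Names of one certificate."""
    _, pos, _ = tlv(der, 0)    # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)  # TBSCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:            # optional [0] version field
        pos = end
    fields = []
    for _ in range(5):         # serialNumber, signature, issuer, validity, subject
        _, _, end = tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def order_chain(ders):
    """Order certificates leaf first, each followed by its issuer, root last if present."""
    names = [issuer_subject(d) for d in ders]
    issuing = {iss for iss, sub in names if iss != sub}
    leaves = [i for i, (_, sub) in enumerate(names) if sub not in issuing]
    if len(leaves) != 1:
        raise ValueError(f"expected one server certificate, found {len(leaves)}")
    chain = [leaves[0]]
    while names[chain[-1]][0] != names[chain[-1]][1]:  # stop at a self-signed root
        parents = [i for i, (_, sub) in enumerate(names)
                   if sub == names[chain[-1]][0] and i not in chain]
        if not parents:        # issuer not in the bundle (root left out)
            break
        chain.append(parents[0])
    if len(chain) != len(ders):
        raise ValueError("bundle holds certificates outside the chain")
    return [ders[i] for i in chain]

if __name__ == "__main__":  # usage: python order_chain.py bundle.pem > ordered.pem
    for der in order_chain(split_pem(open(sys.argv[1]).read())):
        body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
        print(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----")
```

    Reverse the returned list if a tool wants the root first. A `ValueError` means the bundle contains a stray certificate or more than one server certificate.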



  • 5.  RE: CA-supplied Certificates for HTTPS

    ROCKETEER
    Posted 08-20-2021 13:57
    Thanks. That's about what we've recently found.

    ------------------------------
    Brian S. Cram
    Principal Technical Support Engineer
    Rocket Software
    ------------------------------



  • 6.  RE: CA-supplied Certificates for HTTPS

    ROCKETEER
    Posted 08-20-2021 14:57
    Here's a Word document outlining the steps we took to get a GoDaddy-supplied cert into a Java keystore and used by the Toolkit.

    ------------------------------
    Brian S. Cram
    Principal Technical Support Engineer
    Rocket Software
    ------------------------------

    Attachment: GoDaddyCertsMVSTK.docx (23 KB)