The Java Keystore is really finicky about getting the certificates in the right order. Can derail the whole thing. The best way is to visualise it using something like KeyStore Explorer (keystore-explorer.org) so you can see what's going on. It should be a hierarchical structure from the root CA certificate, through any intermediaries to the server/wildcard certificate.
Some other things I've found that are useful:
1) Work with the certificate chain as text files/PEM files. Cutting and pasting them in the right order makes it easier to get the certificate chain right.
2) Use the script to create the MVS file and then edit it using Keystore Explorer (to import)
3) Don't create the CSR to send to GoDaddy from IIS. Create it from OpenSSL first (and then import to IIS). Otherwise, it's a nightmare/impossible to get the certificate key to use in the Keystore.
Of course, it could be that the encryption key is wrong. Spent too long sorting out the chain only to find it's a misspelling :(
------------------------------
Darrell Horrocks
Rocket Forum Shared Account
------------------------------
Original Message:
Sent: 08-18-2021 14:19
From: Brian Cram
Subject: CA-supplied Certificates for HTTPS
Anybody out there have any experience with getting certificates from GoDaddy to use with the MVS Toolkit or other applications using a Java Keystore?
------------------------------
Brian S. Cram
Principal Technical Support Engineer
Rocket Software
------------------------------
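The chain-ordering advice in the reply above, as an added example that is not part of the original posts: a shell check, using the `openssl` CLI, that a PEM bundle is in order before it is imported into a keystore. It assumes the conventional leaf-first file order (server certificate, then intermediates, then root); the function names and the demo certificate names are made up for illustration.

```shell
#!/bin/sh
# Added example. Checks that a PEM bundle runs leaf -> intermediate(s) -> root:
# each certificate's issuer must equal the subject of the one after it.
# Compares names only; it does not verify signatures.

# split_pem BUNDLE DIR: write each certificate in BUNDLE to DIR/cert-NN.pem
split_pem() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
}

# chain_order_ok BUNDLE: 0 = ordered, 1 = out of order, 2 = no certificates
chain_order_ok() {
    dir=$(mktemp -d) || return 2
    split_pem "$1" "$dir"
    prev_issuer=""; rc=0
    for c in "$dir"/cert-*.pem; do
        [ -f "$c" ] || { rc=2; break; }
        subject=$(openssl x509 -in "$c" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$c" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subject" ]; then
            echo "out of order: expected '$prev_issuer', found '$subject'" >&2
            rc=1; break
        fi
        prev_issuer=$issuer
    done
    rm -rf "$dir"
    return $rc
}

# make_demo_chain DIR: constructed throwaway root, intermediate and leaf.
# The leaf key and CSR come from OpenSSL, so the private key stays in a file.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for n in int leaf; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example.test" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/int.pem" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

Source the file and run `chain_order_ok bundle.pem` on the concatenated chain; a non-zero status means the certificates need reordering before import.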