Pages about SSL Services through ITSS and Instant SSL

• SSL Certificate Acquision Service
• InstantSSL Instructions for Creating a CSR
• Browsers Compatible with InstantSSL Certificates
• InstantSSL Instructions for Installing an InstantSSL Certificate

Related Pages

• Leland Web Services
• WebAuth v3
• Apache 2.x documentation

Acquiring an SSL Certificate for Within the stanford.edu Domain

Introduction

There was an expectation that the change in certificate vendors would be transparent to clients, but unfortunately that was not the case. After the fact, ITSS found that there are protocol incompatibilities between our new signed server certificate and pre-JDK 1.4.1 using the JSSE extension.

Unfortunately, the fix will require clients to make some modifications if they are using JDK 1.3.1 or any other JDK before version 1.4.1.

Instructions for Correcting JDK pre-1.4.1 Issues

Here are the steps to be followed:

1. Download (save) the file provided at http://www.stanford.edu/dept/itss/infrastructure/registry/consulting/docservice/cacerts
   Note: This file is the global JDK Level 1 Certificate Authority trusted store.

2. Change directory to the JAVA_HOME of your application.
   cd /usr/j2sdk1.3.1/

3. The cacerts file is located in JAVA_HOME/jre/lib/security/.
   cd jre/lib/security

4. Backup cacerts file already in this directory
   mv cacerts cacerts.bak

5. Copy new cacerts file into this directory
   cp (where saved)/cacerts .

6. Change permissions as necessary.

That should resolve the issue.

If you have any questions about this information, please submit a HelpSU request using the below link.