Thawte SSL free Certificate not detected - jetty server



I generated the keystore:
keytool -genkeypair -alias jetty -keyalg RSA -validity 30 -keystore keystore.jks
I generated a CSR:
keytool -certreq -alias jetty -file certreq.csr -keystore keystore.jks
Then I used this CSR to get a free SSL certificate; after that they sent 3 certificates, which I added to my keystore:

keytool -import -trustcacerts -alias root -file root.cer -keystore myKeystore

keytool -import -trustcacerts -alias intermediate -file intermediate.cer -keystore myKeystore

keytool -import -trustcacerts -alias trial -file trial.cer -keystore myKeystore

I use Jetty 9, so here's the config for it in jetty-ssl.xml:

<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="ironhide"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="ironhide"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="ironhide"/></Set>
</Configure>

But when I restart the server, the browser still shows the https connection as self-signed, with a red X mark.

Here's the keystore:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 4 entries

root, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
intermediate, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
trial, Nov 16, 2014, trustedCertEntry, Certificate fingerprint (SHA1): DF:A1:52:F0:60:31:4C:DB:0C:61:3D:CA:C4:A6:85:FE:D4:4C:CD:04
getlinked, Nov 14, 2014, PrivateKeyEntry, Certificate fingerprint (SHA1): 2C:82:F7:E8:09:C2:7D:7C:71:9E:86:C0:EC:85:22:AE:20:7D:43:14

2

There are 2 best solutions below

12
On

Assuming your alias, when you generated the private key + CSR, was "getlinked", that the signed certificate file is trial.cer (PEM encoded), and that the intermediate certificate from the CA is intermediate.cer (PEM encoded).

If your certificate is just the certificate only, you may need to "chain" the certificate by concatenating the intermediate certificate to it.

Unix:

cat trial.cer intermediate.cer > chained.cer

Windows:

copy /b trial.cer+intermediate.cer chained.cer

Then, based on the alias used to generate the CSR:

keytool -import -alias getlinked -file chained.cer -keystore myKeystore

Add a set for the Alias property.

<Set name="CertAlias">getlinked</Set>
0
On

Okay guys, I solved the problem. The issue is that the "MYDOMAIN" certificate should have the same alias as the private key in the keystore:
keytool -genkeypair -alias jetty -keyalg RSA -validity 30 -keystore keystore.jks
keytool -import -trustcacerts -alias jetty -file trial.cer -keystore myKeystore

This worked for me; I tried it with a bought certificate and it's all good.

Thank you guys for your help.
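Both answers come down to the same keystore state: the CA-signed certificate must replace the self-signed one under the PrivateKeyEntry's alias, not sit beside it as a trustedCertEntry. The following is an added check (not code from either answerer or from Jetty) that parses `keytool -list -v` output and flags exactly that situation; the sample output, the subject names and the `parse_entries`/`find_misplaced_server_certs` names are constructed for the example.

```python
import re
# Constructed `keytool -list -v` excerpt reproducing the question's mistake: the
# CA-signed cert was imported under alias "trial" as a trustedCertEntry, so the
# PrivateKeyEntry "getlinked" still holds only its self-signed certificate.
SAMPLE_KEYTOOL_LIST_V = """\
Alias name: getlinked
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=www.example.com, O=Example, C=US
Issuer: CN=www.example.com, O=Example, C=US

*******************************************
*******************************************

Alias name: trial
Entry type: trustedCertEntry
Owner: CN=www.example.com, O=Example, C=US
Issuer: CN=Example Intermediate CA, O=Example CA, C=US
"""

def parse_entries(text):
    """Split keytool -list -v output into dicts: alias, type, chain_len, owner, issuer."""
    entries = []
    for block in re.split(r"\*{10,}", text):  # entries are separated by rows of '*'
        alias = re.search(r"^Alias name: (.+)$", block, re.M)
        if not alias:
            continue
        def field(name, default=None):  # first match = Certificate[1], i.e. the leaf
            f = re.search(rf"^{name}: (.+)$", block, re.M)
            return f.group(1).strip() if f else default
        entries.append({"alias": alias.group(1).strip(), "type": field("Entry type"),
                        "chain_len": int(field("Certificate chain length", "1")),
                        "owner": field("Owner"), "issuer": field("Issuer")})
    return entries

def find_misplaced_server_certs(text):
    """Return (key_alias, trusted_alias) pairs where a PrivateKeyEntry is still
    self-signed while a trustedCertEntry carries a CA-signed cert for the same subject."""
    entries = parse_entries(text)
    problems = []
    for k in (e for e in entries if e["type"] == "PrivateKeyEntry"):
        self_signed = k["chain_len"] == 1 and k["owner"] == k["issuer"]
        for t in (e for e in entries if e["type"] == "trustedCertEntry"):
            if self_signed and t["owner"] == k["owner"] and t["issuer"] != t["owner"]:
                problems.append((k["alias"], t["alias"]))
    return problems
```

Once the chained certificate has been imported under the key's alias, the PrivateKeyEntry shows a chain length above 1 with a CA issuer and the check returns nothing.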