Configuring trusted SSL Certificates
I have a third-party piece of software I'm trying to set up on some development servers. I would rather not have to buy certificates for all my test servers when they are going to be replaced at production. My situation is that I have a piece of software that needs to read a secure web page. I do not have access to the source of the software. I keep getting certificate errors. Just as an example, with two of the software pieces:
dataserver.mydomain.edu - provides a web site
searchserver.mydomain.edu - reads from dataserver.mydomain.edu via HTTPS
I have created a self-signed certificate for dataserver.mydomain.edu and my own certificate authority.
Creating the certificate authority:
openssl genrsa -des3 -out ca.key $SIZE
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
Creating my server certificate:
openssl genrsa -des3 -out server.secure.key $SIZE
openssl rsa -in server.secure.key -out server.insecure.key
openssl req -new -key server.secure.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -CA ../ca/ca.crt -CAkey ../ca/ca.key -set_serial 01 -out server.crt
I installed server.insecure.key and server.crt into my web server on dataserver (Apache). I also copied server.crt and ca.crt to searchserver. At this point, I tried to install them to the Java keystore:
keytool -import -alias dataserver.mydomain.edu -file server.crt
keytool -import -trustcacerts ca.crt
Anyone know what I'm doing wrong here that my certificate isn't trusted? I was prompted for a password on the keytool commands (and entered it, just the default "changit", and I confirmed I wanted to add the certificates), and did not receive any errors.
Actually, if I had set size to 4096 when I created the certificates, I would get an error at the keytool step complaining the certificates were not x509 certificates.
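An added example, not part of the original post: the CA and server-certificate steps from the post, run non-interactively with throwaway keys, followed by a check that server.crt parses as a PEM X.509 certificate and chains to ca.crt before anything is imported into a keystore. The -subj values, SIZE=2048, the unencrypted keys and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: throwaway keys in a temp dir; subjects and SIZE are assumed.
HOST=dataserver.mydomain.edu   # hostname used in the post
SIZE=2048                      # assumed value for the post's $SIZE

# Build a CA and a CA-signed server certificate in directory $1.
# -subj replaces the interactive prompts; keys are left unencrypted.
make_chain() {
    dir=$1
    openssl genrsa -out "$dir/ca.key" "$SIZE" 2>/dev/null &&
    openssl req -new -x509 -days 3650 -key "$dir/ca.key" \
        -subj "/O=Example Test CA/CN=Example Test CA" -out "$dir/ca.crt" &&
    openssl genrsa -out "$dir/server.key" "$SIZE" 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -subj "/CN=$HOST" \
        -out "$dir/server.csr" &&
    openssl x509 -req -days 3650 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -set_serial 01 \
        -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if $2 parses as a PEM X.509 certificate and verifies against CA $1.
chains_to() {
    openssl x509 -in "$2" -noout 2>/dev/null &&
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Print the subject commonName of certificate $1.
subject_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
make_chain "$WORK" || echo "certificate generation failed" >&2
if chains_to "$WORK/ca.crt" "$WORK/server.crt"; then
    echo "server.crt chains to ca.crt, CN=$(subject_cn "$WORK/server.crt")"
else
    echo "server.crt does NOT chain to ca.crt"
fi
```

Running the same two checks against the actual ca.crt and server.crt on searchserver shows whether the files themselves are sound, independent of any keystore.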