Results 1 to 2 of 2
  1. #1
    jimstapleton is offline Member
    Join Date
    Mar 2009
    Posts
    2
    Rep Power
    0

    Default Configuring trusted SSL Certificates

    I have a third party piece of software I'm trying to set up on some development servers. I would rather not have to buy certificates for all my test servers when they are going to be replaced at production. My situation, is that I have a piece of software that needs to read a secure web page. I do not have access to the source of the software. I keep getting certificate errors. Just as an example with two of the software pieces.

    dataserver.mydomain.edu - provides a web site
    searchserver.mydomain.edu - reads from dataaserver.mydomain.edu via HTTPS

    I have created a self signed sertificate for dataserver.mydomain.edu and my own certificate authority.

    Creating the certificate authority:
    Java Code:
    export SIZE=1024
    cd ca/
    openssl genrsa -des3 -out ca.key $SIZE
    openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
    creating my server certificate
    Java Code:
    cd ../dataserver
    openssl genrsa -des3 -out server.secure.key $SIZE
    openssl rsa -in server.secure.key -out server.insecure.key
    openssl req -new -key server.secure.key -out server.csr
    openssl x509 -req -days 3650 -in server.csr -CA ../ca/ca.crt -CAkey ../ca/ca.key -set_serial 01 -out server.crt
    I installed server.insecure.key and server.crt into my web server on dataserver (apache). I also copied server.crt and ca.crt to searchserver. At this point, I tried to install them to java keystore:

    Java Code:
    keytool -import -alias dataserver.mydomain.edu -file server.crt
    keytool -import -trustcacerts ca.crt
    Anyone know what I'm doing wrong here that my certificate isn't trusted? I was prompted for a password on the keytool commands (and entered it, just the default "changit", and I confirmed I wanted to add the certificates), and did not receive any errors.

    Actually, if I had set size to 4096 when I created the certificates, I would get an error at the keytool step complaining the certificates were not x509 certificates.


    Thanks,
    -Jim

  2. #2
    jimstapleton is offline Member
    Join Date
    Mar 2009
    Posts
    2
    Rep Power
    0

    Default

    is my question on the wrong forum, or is it oddball enough that people just aren't sure what to respond with?

Similar Threads

  1. Replies: 3
    Last Post: 01-14-2010, 07:45 PM
  2. configuring eclipse
    By doug99 in forum Eclipse
    Replies: 0
    Last Post: 03-09-2009, 07:32 PM
  3. How to Find IE Browser SSL certificates list
    By dmkreddy_k in forum Advanced Java
    Replies: 0
    Last Post: 10-29-2008, 06:38 AM
  4. Replies: 1
    Last Post: 10-11-2008, 04:36 PM
  5. Replies: 4
    Last Post: 08-10-2007, 10:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •