Results 1 to 2 of 2
  1. #1
    jimstapleton is offline Member
    Join Date
    Mar 2009
    Rep Power

    Default Configuring trusted SSL Certificates

    I have a third party piece of software I'm trying to set up on some development servers. I would rather not have to buy certificates for all my test servers when they are going to be replaced at production. My situation, is that I have a piece of software that needs to read a secure web page. I do not have access to the source of the software. I keep getting certificate errors. Just as an example with two of the software pieces. - provides a web site - reads from via HTTPS

    I have created a self signed sertificate for and my own certificate authority.

    Creating the certificate authority:
    Java Code:
    export SIZE=1024
    cd ca/
    openssl genrsa -des3 -out ca.key $SIZE
    openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
    creating my server certificate
    Java Code:
    cd ../dataserver
    openssl genrsa -des3 -out $SIZE
    openssl rsa -in -out server.insecure.key
    openssl req -new -key -out server.csr
    openssl x509 -req -days 3650 -in server.csr -CA ../ca/ca.crt -CAkey ../ca/ca.key -set_serial 01 -out server.crt
    I installed server.insecure.key and server.crt into my web server on dataserver (apache). I also copied server.crt and ca.crt to searchserver. At this point, I tried to install them to java keystore:

    Java Code:
    keytool -import -alias -file server.crt
    keytool -import -trustcacerts ca.crt
    Anyone know what I'm doing wrong here that my certificate isn't trusted? I was prompted for a password on the keytool commands (and entered it, just the default "changit", and I confirmed I wanted to add the certificates), and did not receive any errors.

    Actually, if I had set size to 4096 when I created the certificates, I would get an error at the keytool step complaining the certificates were not x509 certificates.


  2. #2
    jimstapleton is offline Member
    Join Date
    Mar 2009
    Rep Power


    is my question on the wrong forum, or is it oddball enough that people just aren't sure what to respond with?

Similar Threads

  1. Replies: 3
    Last Post: 01-14-2010, 08:45 PM
  2. configuring eclipse
    By doug99 in forum Eclipse
    Replies: 0
    Last Post: 03-09-2009, 08:32 PM
  3. How to Find IE Browser SSL certificates list
    By dmkreddy_k in forum Advanced Java
    Replies: 0
    Last Post: 10-29-2008, 07:38 AM
  4. Replies: 1
    Last Post: 10-11-2008, 04:36 PM
  5. Replies: 4
    Last Post: 08-10-2007, 10:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts