Jérôme PICARD schrieb am 08/30/2005 01:41 PM:
Hello,
Thank you for all your answers,
I try to generate a certificat with openssl (I read some tutorials about
it), when I import the certificat in the keystore with keytool I catch a
new Exception.
Can you give me some informations about the use of openssl an the
keytool. Do you have a good tutorial ?
Here my steps.
// Create autority.
openssl req -config openssl.cnf -new -newkey rsa:1024 -nodes -out
./ca.csr -keyout ./ca.key
// Create autority's certificat.
openssl x509 -trustout -signkey ./ca.key -days 365 -req -in ./ca.csr
-out ./ca.pem
// Create autority's serial number.
echo "02" > ./ca.srl
// Create java keystore.
keytool -genkey -alias serveur -keyalg RSA -keysize 1024 -keystore
serveur.jks -storetype JKS
// Create request of certificat.
keytool -certreq -keyalg RSA -alias serveur -file serveur.csr -keystore
serveur.jks
// Add autority to the certificat.
openssl x509 -CA ../ca/ca.pem -CAkey ../ca/ca.key -CAserial ../ca/ca.srl
-req -in ./serveur.csr -out ./serveur.crt -days 365
// Import certificat in the java keystore.
keytool -import -alias serveur -keystore ./serveur.jks -trustcacerts
-file ./serveur.crt
Here I catch an Exception.
Thanks for your help.
Regards,
Jerome.
Hi Jerome,
which Jva cryptographic provider do you use? AFAIK the SUN provider does
not support X.509v3 certificates. Does the problem remain if you use
e.g.the bouncycastle provider and its keystore format UBER?
Hope this helps
Martin
