Here are some notes I had for a self signed client cert on Ubuntu for debugging:
# For device client certificate (doesn't seem to work on 64-bit): /usr/lib/jvm/java-6-openjdk/bin/keytool -genkey -keyalg RSA -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /usr/share/java/bcprov.jar -storetype BKS -keystore client.bks -storepass password -keypass password -dname 'CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown' && /usr/lib/jvm/java-6-openjdk/bin/keytool -selfcert -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath /usr/share/java/bcprov.jar -storetype BKS -keystore client.bks -storepass password -keypass password I'm guessing you are on Windows from the "Keytool" capitalization, but the arguments should be the same even if the path names are not. for more serious testing I have some Java code that generates a longer test keychain with root ca, intermediate ca, and client cert that is not generated with the command line but instead with X509V3CertificateGenerator, which is why I don't have an example command line for that handy. There is some discussion of using X509V3CertificateGenerator here: http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation -bri On Sun, Sep 5, 2010 at 11:48 PM, mastergap <[email protected]> wrote: > > There were some bugs in early versions of Froyo. I don't > > think you mentioned what version you are using. > > > > but no, I haven't tried to reproduce anything with your code, just giving > > suggestions on how to debug. > > > > -bri > > You're right,i'm using 2.1-update1 version. Another simple question, > us it right to create client certificates with keytool with the > command: > "Keytool -genkey -keystore clientkeys -alias client -storetype BKS - > provider org.bouncy... -providerpath ..."? > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
