Hi Vibhor,
Rampart also support the PKCS12 keystore. So, instead of using JKS,
you could use PKCS12 to store private keys (.p12/.pfx) & trusted
certs(.crt/.cer).
Afaik, OpenSSL cannot manage PKCS keystore to have more than one cert.
I have tried software called "IBM keyman" that will allow you to
import more than one cert in a keystore.
Hope this will help.
Regards,
Sukma
On 4/28/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:
Hi Ruchith
I was referring to your article available at the following link.
http://wso2.org/library/174
and
http://wso2.org/library/255
One thing that i need clarification on was that why do we need to import the
client certifcate in to our key store when the consumer of the web service
would provide it's certifcate in soap message itself.
I looked at the certifcates also which have been provided along with the
samples of rampart and when i used the following command
keytool -list -v -keystore service.jks -storepass apache
i saw that there are three enteries
Alias name: service
Creation date: Jul 21, 2006
Entry type: keyEntry
Certificate chain length: 2
Alias name: ca
Creation date: Jul 21, 2006
Entry type: trustedCertEntry
Alias name: client
Creation date: Jul 21, 2006
Entry type: trustedCertEntry
so it shows that there exists a client certifcate too.
The key store still has the private key but it is hidden right?
what does Certificate chain length: 2 mean?
Now coming to the main question
We are getting our testing certificates from comodo (www.comodo.com)
they have mentioned the instructions to generate the key pair as follows
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,1
This article talks about using an openssl to create the key pair
now if i have to maintain a key store in the similar fashion described in
your article how should we go about doing that?
I looked at the keytool utility provided by JDK and it does not show how to
import the private key into the key store that would be generated from the
link specified above. Any help would really be appreciated.
Thanks
Vibhor
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
