Marvin, the cas wiki says that the appropriate key and certificate files can be generated with the following commands
openssl genrsa -out private.key 1024 openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER openssl pkcs8 -topk8 -inform PER -outform DER -nocrypt -in private.key -out private.p8 openssl req -new -x509 -key private.key -out x509.pem -days 365 However, comparing these commands to those privided by google at http://code.google.com/apis/apps/articles/sso-keygen.html#OpenSSL openssl genrsa -out rsaprivkey.pem 1024 openssl rsa -in rsaprivkey.pem -pubout -outform DER -out rsapubkey.der openssl pkcs8 -topk8 -inform PEM -outform DER -in rsaprivkey.pem -out rsaprivkey.der -nocrypt openssl req -new -x509 -key dsaprivkey.pem -out dsacert.pem so the commands I used are openssl genrsa -out private.key 1024 openssl rsa -in private.key -inform PEM -pubout -out public.key -outform DER openssl pkcs8 -topk8 -in private.key -inform PEM -out private.p8 -outform DER -nocrypt openssl req -new -x509 -key private.key -out x509.pem -days 365 Based on the -outform parameter, I believe everything should be in the format you specified. When I did a google search on "java.security.InvalidKeyException:illegal Key Size", I came up with the following page http://charithaka.blogspot.com/2008/08/how-to-avoid-javasecurityinvalidkeyexce.htmlwhich seems to be saying that I need to download and install the Java Cryptography Extension (JCE) unlimited strength jurisdiction policy files from sun and replace the existing ones...do you know anything about this? I tried it--updated the jars and rebooted the server and got the same result On Mon, Dec 21, 2009 at 6:38 PM, Marvin Addison <[email protected]>wrote: > Based on the openssl snippet you shared and the exception, I would > imagine you are using a PEM-encoded certificate when you need a > DER-encoded one. In general, you need DER-encoded cryptographic files > when working in Java. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Curtis Garman Web Programmer Heartland Community College -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
