Hmm... OK, so it looks like something is happening to a couple of the key files when I try to place them on the classpath in my uportal project before doing an "ant clean deploy-ear". When I do a comparison of the files after a clean deploy, the private.p8 and public.key files are changed. It's almost like maven is hanging on to the wrong file and deploying it. I dumped the cas portlet overlay from my maven repository and let it rebuild and got the same behavior. I don't get it... I would think it should work fine to include the certificate and key files in my build!!

On Tue, Dec 22, 2009 at 8:45 AM, Curtis Garman <[email protected]> wrote:

> Marvin, the cas wiki says that the appropriate key and certificate files
> can be generated with the following commands
>
> openssl genrsa -out private.key 1024
> openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
> openssl pkcs8 -topk8 -inform PER -outform DER -nocrypt -in private.key -out private.p8
> openssl req -new -x509 -key private.key -out x509.pem -days 365
>
> However, comparing these commands to those provided by google at
> http://code.google.com/apis/apps/articles/sso-keygen.html#OpenSSL
>
> openssl genrsa -out rsaprivkey.pem 1024
> openssl rsa -in rsaprivkey.pem -pubout -outform DER -out rsapubkey.der
> openssl pkcs8 -topk8 -inform PEM -outform DER -in rsaprivkey.pem -out rsaprivkey.der -nocrypt
> openssl req -new -x509 -key dsaprivkey.pem -out dsacert.pem
>
> so the commands I used are
>
> openssl genrsa -out private.key 1024
> openssl rsa -in private.key -inform PEM -pubout -out public.key -outform DER
> openssl pkcs8 -topk8 -in private.key -inform PEM -out private.p8 -outform DER -nocrypt
> openssl req -new -x509 -key private.key -out x509.pem -days 365
>
> Based on the -outform parameter, I believe everything should be in the
> format you specified.
>
> When I did a google search on "java.security.InvalidKeyException:illegal
> Key Size", I came up with the following page
> http://charithaka.blogspot.com/2008/08/how-to-avoid-javasecurityinvalidkeyexce.html
> which seems to be saying that I need to download and install the Java
> Cryptography Extension (JCE) unlimited strength jurisdiction policy files
> from sun and replace the existing ones... do you know anything about this? I
> tried it--updated the jars and rebooted the server and got the same result
>
> On Mon, Dec 21, 2009 at 6:38 PM, Marvin Addison <[email protected]> wrote:
>
>> Based on the openssl snippet you shared and the exception, I would
>> imagine you are using a PEM-encoded certificate when you need a
>> DER-encoded one. In general, you need DER-encoded cryptographic files
>> when working in Java.
>>
>> M
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> Curtis Garman
> Web Programmer
> Heartland Community College

--
Curtis Garman
Web Programmer
Heartland Community College
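
Added example, not part of the original thread: a Python check for the two questions raised above, whether a key file is PEM or DER, and whether the deployed copy still matches the source byte for byte. All sample bytes are constructed, and the text round-trip used to produce the altered copy is an assumption for illustration; the thread does not establish what changed the files.

```python
import hashlib

def der_length_ok(data: bytes) -> bool:
    """True if data is a single DER SEQUENCE whose declared length fits its size."""
    if len(data) < 2 or data[0] != 0x30:          # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                              # short form: one length byte
        header, length = 2, first
    else:                                         # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' from the file's leading bytes."""
    if data.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    return "DER" if der_length_ok(data) else "unknown"

def compare(source: bytes, deployed: bytes) -> dict:
    """Report whether the deployed copy of a key file still matches the source."""
    same = hashlib.sha256(source).digest() == hashlib.sha256(deployed).digest()
    return {
        "source_format": classify(source),
        "deployed_format": classify(deployed),
        "identical": same,
        "size_delta": len(deployed) - len(source),
    }

# Constructed samples (not real key material).
_body = bytes(range(0x80, 0x100)) * 2             # 256 bytes, all above 0x7F
SAMPLE_DER = b"\x30\x82" + len(_body).to_bytes(2, "big") + _body
SAMPLE_PEM = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
# Assumption for illustration: the file was read as text and rewritten as UTF-8.
MANGLED = SAMPLE_DER.decode("latin-1").encode("utf-8")

if __name__ == "__main__":
    print(compare(SAMPLE_DER, SAMPLE_DER))
    print(compare(SAMPLE_DER, MANGLED))
```

To use it on real files, pass the bytes of the source and deployed private.p8 or public.key (read with `open(path, "rb").read()`) to `compare`.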
