After trying to find the Entrust root certficate, I just exported a .cer
file from IE, and imported it like this:
keytool -import -alias entrust -file entrust.cer \
-keystore /usr/local/jdk/jre/lib/security/cacerts
That seems to do the trick.
Tom
On Tue, 4 Feb 2003, Michael Becke wrote:
> Since the JRE doesn't recognize Entrust by default it is as though the
> cert is self signed.
>
> Take a look at Sun's docs for the keytool:
>
> http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
>
> There is also a good discussion thread covering this topic at:
>
> http://forum.java.sun.com/thread.jsp?thread=153188&forum=2&message=448971
>
> Enjoy,
>
> Mike
>
>
> Tom Samplonius wrote:
> > Actually, the certificate is signed by Entrust (the site is
> > https://www3.interaction.bell.ca).
> >
> > Can the Entrust root certificate be imported into the keystore easily?
> > The JSSE INSTALL.TXT talks about which file they go into, but doesn't
> > really provide any detail on where they come from. Where did you get the
> > various signing authorities root certificates?
> >
> >
> > Tom
> >
> >
> > On Tue, 4 Feb 2003, Michael Becke wrote:
> >
> >
> >>By default JSSE only support SSL certs that are signed by Verisign or
> >>Thawte. To use a self signed cert (this appears to be what you are
> >>doing) you have two options:
> >>
> >>1) import the servers cert into your keystore
> >>2) mess around with the X509 stuff, someone posted a URL earlier talking
> >>about how to do this
> >>
> >>Mike
> >>
> >>Tom Samplonius wrote:
> >>
> >>> Now I get the runtime error:
> >>>
> >>>javax.net.ssl.SSLException: untrusted server cert chain
> >>>
> >>>
> >>> Is there anything more that needs to be done to setup the connection?
> >>>I've seend some examples that setup all sorts of X509 stuff. Is that
> >>>required too? I'm using JSSE 1.0.3_01.
> >>>
> >>>
> >>>Tom
> >>>
> >>>
> >>>On Tue, 4 Feb 2003, Michael Becke wrote:
> >>>
> >>>
> >>>
> >>>>java.security.Security.addProvider().
> >>>>
> >>>>Mike
> >>>>
> >>>>Tom Samplonius wrote:
> >>>>
> >>>>
> >>>>> I'm getting an unresolved symbol now. Where do I import
> >>>>>"Security.addProvider()" from?
> >>>>>
> >>>>>
> >>>>>Tom
> >>>>>
> >>>>>
> >>>>>On Tue, 4 Feb 2003, Michael Becke wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>>You need to add the following line to your code somewhere:
> >>>>>>
> >>>>>> Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
> >>>>>>
> >>>>>>The "java.protocol.handler.pkgs" property is only needed if you want to
> >>>>>>use https with java.net.URL.
> >>>>>>
> >>>>>>I previously thought that addProvider() was not needed, but it seems
> >>>>>>that it is. We probably need to change this in documentation in a few
> >>>>>>places.
> >>>>>>
> >>>>>>Mike
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>---------------------------------------------------------------------
> >>>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>>>
> >>>>
> >>>>
> >>>>---------------------------------------------------------------------
> >>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>>---------------------------------------------------------------------
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>
> >>
> >>---------------------------------------------------------------------
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
