I'm having a problem where my cosign client doesn't seem to trust the
certification chain from the cosignd server
This is how I prepare my keystore:
#create keystore
keytool -genkey -keyalg "RSA" -keystore jcosign.jks
#convert the certificate
openssl pkcs12 -export -in foobar.crt -inkey foobar.key -out server.p12 -name
www.foobar.org -CAfile customer.crt -caname root
#import
keytool -importkeystore -deststorepass mypass -destkeypass mypass
-destkeystore jcosign.jks -srckeystore server.p12 -srcstoretype PKCS12
-srcstorepass mypass -alias www.foobar.org
And then when I try to authenticate via jcosign:
15 Apr 2013 23:33:18,318 DEBUG [CosignConnection]
[1:www.foobar.org:122.215.122.111:6663]: failed to init CosignConnection
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
No trusted certificate found
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
Any suggestions how to diagnose this?
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss