Hi Steven
Here is a script for creating a self-signed cert. Jetty can use this keystore for https access.
#! /bin/sh
# create a key store with a private key
keytool -genkey -alias server -keystore /var/keysserver/cokeys -storepass storepassword# -keypass keypassword@ -dname "CN=cocoon.org, OU=Security Provider, O=Apache,L=Virginia Beach, S=Virginia, C=US" -validity 3600 -v
# generate a self-signed certificate for the key stored under the alias "server"
keytool -selfcert -keystore /var/keysserver/cokeys -alias server -storepass storepassword# -keypass keypassword@ -dname "CN=test.cocoon.org,OU=Web Services,O=Apache,L=Virginia Beach,S=Virginia, c=US" -validity 3600 -v
Here is a script for generating a request for signing
echo "keytool -genkey"
keytool -genkey -alias cocoonkey -keyalg RSA -keystore /var/cocoon/certs/cokeys -storepass storepass# -keypass keypass@ -dname "CN=apache.cocoon.org, OU=PMC, O=Cocoon development, L=Suffolk, S=Virginia, C=US" -validity 3600 -v
echo "keytool certreq"
# sign the request with SHA-256; certificate authorities no longer accept MD5-signed requests
keytool -certreq -sigalg SHA256withRSA -alias cocoonkey -file /var/cocoon/certs/cocoonreq.csr -keystore /var/cocoon/certs/cokeys -storepass storepass# -keypass keypass@
Have the file in /var/cocoon/certs/cocoonreq.csr signed by an authority, then import it:
echo "keytool ...import cert"
keytool -import -v -alias cocoonkey -file /var/cocoon/certs/cocooncrt.crt -keypass keypass@ -keystore /var/cocoon/certs/cokeys -storepass storepass# -trustcacerts
Hope this helps and is not too late.
Steven Noels wrote:
Hi folks,
I'm trying to use a https source in a simple pipeline, but Java doesn't like the server certificate on the originating side. With the help of openssl, I managed to save a local copy of the certificate, but now I need to add it to my local set of certificates.
Despite a gazillion web pages, I haven't quite found out how and why (the 'how' would be enough to start with).
Has anyone experience with adding certificates to the Java security machinery?
Thanks,
</Steven>
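
For the case in the original question (trusting a server certificate saved with openssl), the following is an added example, not part of either message. It checks the saved certificate's SHA-256 fingerprint against a value obtained out of band from the server's operator before importing it into a dedicated truststore. The function name `trust_cert`, the alias, the paths and the password in the comments are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage: trust_cert CERT_PEM EXPECTED_SHA256 TRUSTSTORE STOREPASS ALIAS

# Normalise a fingerprint: drop colons, upper-case the hex digits.
norm_fp() {
    printf '%s' "$1" | tr -d ':' | tr 'a-f' 'A-F'
}

trust_cert() {
    cert=$1; expected=$2; store=$3; pass=$4; alias=$5

    # Fingerprint of the file on disk; output looks like "...Fingerprint=AB:CD:..."
    actual=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 2
    actual=${actual#*=}

    # Refuse to trust a certificate that is not the one the operator published.
    if [ "$(norm_fp "$actual")" != "$(norm_fp "$expected")" ]; then
        echo "fingerprint mismatch, not importing: $actual" >&2
        return 1
    fi

    # Import as a trusted certificate entry; the truststore is created if absent.
    # Keeping it separate from the JRE's cacerts limits the trust to this application.
    keytool -importcert -noprompt -alias "$alias" -file "$cert" \
        -keystore "$store" -storepass "$pass" || return 3
}

# Example call (constructed values):
#   trust_cert origin.pem "AB:CD:...:EF" /var/cocoon/certs/truststore.jks changeit origin
# Then start the JVM with:
#   -Djavax.net.ssl.trustStore=/var/cocoon/certs/truststore.jks
#   -Djavax.net.ssl.trustStorePassword=changeit
```
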
