Hi everyone, I'm working on a Shibboleth (federated identity management system) installation and I need to import a key/certificate pair into a Java keystore. Shibboleth comes with an extkeytool that lets me import this key/certificate pair into a Java keystore as shown below. However, I'm getting the error shown below.
/opt/shibboleth-idp/bin/extkeytool -importkey -alias idp -keyfile
testshib.key.pkcs8 -certfile testshib.crt -keystore test.jks -storepass
secret -provider org.bouncycastle.jce.provider.BouncyCastleProvider
Enter key password
(RETURN if same as keystore password):
No password specified, defaulting to keystore password.
Incomplete certificate chain.
Cannot Perform Operation: Incomplete cerficate chain.
The testshib.crt in the above command is a self signed certificate and as
such, there's no CA root for testshib.crt. My only conclusion is that Java
keystores is not fond of self signed certs. I would really appreciate if
someone could help me sort this out. Thanks again.
Regards
--------------------------------------
Sanjay Vivek
Arts and Humanities Data Service
King's College London
26-29 Drury Lane
London, WC2B 5RL
Phone: 020 7848 1974:
Email: [EMAIL PROTECTED]
<<attachment: winmail.dat>>
