Okay, this is very frustrating. :(

I'm using Sun's JDK 1.3.0 for Linux, Orion 1.1.9. Output from java
-version:

java version "1.3.0beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0beta-b07) 
Java HotSpot(TM) Client VM (build 1.3.0beta-b04, mixed mode) 


I've tried the SSL-howto steps from www.orionserver.com; if I
use -keyalg "RSA", I get this message:

keytool error: java.security.NoSuchAlgorithmException: RSA KeyPairGenerator not available

That's fairly self-explanatory, although odd. So, being intrepid and all,
I simply remove the RSA specification, since this is just a test cert,
after all.

That allows me to create the keystore. The key password for <mykey> is
left as the same as the keystore password.

So I go happily along my way, generating the .csr file with no obvious
difficulty. I go to thawte.com, as the howto suggests. My only deviation
from the howto is, as mentioned, the elimination of '-keyalg "RSA"' from
the keytool invocation.

At thawte.com, I post my certificate request via IE5, set validity for 360
days, valid from now, type of certificate is "Test SSL Chained CA Cert",
and use the default certificate format. I hit the "Generate Test
Certificate" submit button and get a certificate, in PKCS #7 SIGNED DATA
format.

I take the certificate source, cat it into a .cer file, as the howto
suggests.

And here's where things start falling apart.

% keytool -keystore keystore -import -trustcacerts -file cupid.cer 
Enter keystore password:  123456 
keytool error: java.lang.Exception: Certificate chain in reply does not verify: MD5WITHRSA Signature not available

Well, since I don't have RSA in the JDK, I suppose that makes sense.

However, there's not a lot I can do about it, since chained certs
apparently only use the RSA algorithm; thawte says they ignore any
specifications for chained CA certs, using ONLY PKCS #7 for these. I don't
know where to get a version of the RSA algorithm for JSSE (I downloaded
the JSSE stuff from Sun, but Orion's version looks more recent, so I'm
using Orion's). jcert.jar does, in fact, have an MD5RSA algorithm, but I
have no idea how to tell Java that, or why it's not realising it on its
own.

Can anyone help? This is a critical issue for me and I am royally stuck.

-----------------------------------------------------------
Joseph B. Ottinger               [EMAIL PROTECTED]
http://cupid.suninternet.com/~joeo      HOMES.COM Developer
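
The following is an added diagnostic, not part of the original message or of the Orion howto. It lists the JCA providers registered with the JVM and reports which one, if any, supplies the two services named in the keytool errors above. The class name ProviderCheck is hypothetical, and DSA is included only for comparison.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class ProviderCheck {

    // Returns the name of the registered provider that supplies the
    // requested service, or null when no registered provider does.
    static String supplier(String service, String algorithm) {
        try {
            if (service.equals("KeyPairGenerator")) {
                return KeyPairGenerator.getInstance(algorithm).getProvider().getName();
            }
            return Signature.getInstance(algorithm).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            // Same condition keytool reports as "... not available".
            return null;
        }
    }

    public static void main(String[] args) {
        // Providers are consulted in this order; a jar that is on the
        // classpath but not registered here is never asked.
        Provider[] providers = Security.getProviders();
        System.out.println("Registered providers, in preference order:");
        for (int i = 0; i < providers.length; i++) {
            System.out.println("  " + (i + 1) + ". " + providers[i].getName()
                    + " - " + providers[i].getInfo());
        }

        // The services behind the two keytool errors, plus DSA for comparison.
        String[][] needed = {
            {"KeyPairGenerator", "RSA"},
            {"Signature", "MD5withRSA"},
            {"KeyPairGenerator", "DSA"},
        };
        for (int i = 0; i < needed.length; i++) {
            String name = supplier(needed[i][0], needed[i][1]);
            System.out.println(needed[i][0] + "." + needed[i][1] + ": "
                    + (name == null ? "NOT AVAILABLE" : "supplied by " + name));
        }
    }
}
```

Run it with the same java binary and classpath that keytool and Orion use, so the provider list reflects that JVM's configuration.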

