Re: 5.0.18 + keytool
You might try adding '-trustcacerts' to your import command (I'm not interested enough to try it myself :). However, the easiest way to do what you want (IMHO) is to use a PKCS12 keystore. There is an example in the Tomcat5 ssl-howto. Stewart Walker [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Wondering if I my message is getting out there as as I've seen no response. Going to try again. Could really use your help getting past the below error while trying to setup/import a server certificate. The required jsse jar files are in $JAVA_HOME/jre/lib/ext The IBMJava was installed during the Linux install. As far as I can tell it isn't running anything and $JAVA_HOME/bin is first in the path. But I still wonder. keytool was run by root in $JAVA_HOME/bin Haven't done anything with apache yet our web based servlet app is working on 8080 with tomcat. Thanks. Linux ES 2.1 249-e.37 kernel j2sdk1.4.2_03 tomcat5.0.18 $PATH /usr/kerberos/sbin: /usr/kerberos/bin: /usr/java/j2sdk1.4.2_03/bin: /opt/IBMJava2-131/bin: /opt/IBMJava2-131/jre/bin: /usr/local/sbin:/sbin:/usr/sbin: /bin:/usr/bin:/usr/bin/X11: /usr/local/bin: /usr/bin: /usr/X11R6/bin: /root/bin: [EMAIL PROTECTED] ps aux |grep java root 2985 27.0 0.7 246712 29368 pts/5 S08:38 0:04 /usr/java/j2sdk1. root 2986 0.0 0.7 246712 29368 pts/5 S08:38 0:00 /usr/java/j2sdk1. this is just a snipit.. [EMAIL PROTECTED]/ca]#ls -l -rwxr-xr-x1 root apache785 Feb 18 10:16 ca.csr -rwxr-xr-x1 root apache887 Feb 18 10:16 ca.key -rwxr-xr-x1 root apache 1066 Feb 18 10:17 ca.pem [EMAIL PROTECTED] openssl req -new -newkey / rsa:1024 -nodes -out /usr/java/ssl/ca/ca.csr / -keyout /usr/java/ssl/ca/ca.key Using configuration from /usr/share/ssl/openssl.cnf Generating a 1024 bit RSA private key .++ ..++ writing new private key to '/usr/java/ssl/ca/ca.key' - ok works fine [EMAIL PROTECTED] openssl x509 -trustout / -signkey /usr/java/ssl/ca/ca.key / -days 720 -req -in /usr/java/ssl/ca/ca.csr / -out /usr/java/ssl/ca/ca.pem Signature ok subject=/C=US/ST=state/L=city/O=City state/OU=dept/CN=computer/Email=email Getting Private key ok works fine [EMAIL PROTECTED] keytool -import -keystore / $JAVA_HOME/jre/lib/security/cacerts / -file /usr/java/ssl/ca/ca.pem -alias test_ca Enter keystore password: changeit Exception in thread main java.lang.ExceptionInInitializerError at javax.crypto.Cipher.a(DashoA6275) at javax.crypto.Cipher.getInstance(DashoA6275) at com.baltimore.jcrypto.provider.crypto.signatures.RSASignature.init([DashoP ro- V1.3-013000]) at com.baltimore.jcrypto.provider.crypto.signatures.JCRYPTO_RSAwithMD5Signature - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
5.0.18 + keytool
Wondering if I my message is getting out there as as I've seen no response. Going to try again. Could really use your help getting past the below error while trying to setup/import a server certificate. The required jsse jar files are in $JAVA_HOME/jre/lib/ext The IBMJava was installed during the Linux install. As far as I can tell it isn't running anything and $JAVA_HOME/bin is first in the path. But I still wonder. keytool was run by root in $JAVA_HOME/bin Haven't done anything with apache yet our web based servlet app is working on 8080 with tomcat. Thanks. Linux ES 2.1 249-e.37 kernel j2sdk1.4.2_03 tomcat5.0.18 $PATH /usr/kerberos/sbin: /usr/kerberos/bin: /usr/java/j2sdk1.4.2_03/bin: /opt/IBMJava2-131/bin: /opt/IBMJava2-131/jre/bin: /usr/local/sbin:/sbin:/usr/sbin: /bin:/usr/bin:/usr/bin/X11: /usr/local/bin: /usr/bin: /usr/X11R6/bin: /root/bin: [EMAIL PROTECTED] ps aux |grep java root 2985 27.0 0.7 246712 29368 pts/5 S08:38 0:04 /usr/java/j2sdk1. root 2986 0.0 0.7 246712 29368 pts/5 S08:38 0:00 /usr/java/j2sdk1. this is just a snipit.. [EMAIL PROTECTED]/ca]#ls -l -rwxr-xr-x1 root apache785 Feb 18 10:16 ca.csr -rwxr-xr-x1 root apache887 Feb 18 10:16 ca.key -rwxr-xr-x1 root apache 1066 Feb 18 10:17 ca.pem [EMAIL PROTECTED] openssl req -new -newkey / rsa:1024 -nodes -out /usr/java/ssl/ca/ca.csr / -keyout /usr/java/ssl/ca/ca.key Using configuration from /usr/share/ssl/openssl.cnf Generating a 1024 bit RSA private key .++ ..++ writing new private key to '/usr/java/ssl/ca/ca.key' - ok works fine [EMAIL PROTECTED] openssl x509 -trustout / -signkey /usr/java/ssl/ca/ca.key / -days 720 -req -in /usr/java/ssl/ca/ca.csr / -out /usr/java/ssl/ca/ca.pem Signature ok subject=/C=US/ST=state/L=city/O=City state/OU=dept/CN=computer/Email=email Getting Private key ok works fine [EMAIL PROTECTED] keytool -import -keystore / $JAVA_HOME/jre/lib/security/cacerts / -file /usr/java/ssl/ca/ca.pem -alias test_ca Enter keystore password: changeit Exception in thread main java.lang.ExceptionInInitializerError at javax.crypto.Cipher.a(DashoA6275) at javax.crypto.Cipher.getInstance(DashoA6275) at com.baltimore.jcrypto.provider.crypto.signatures.RSASignature.init([DashoPro- V1.3-013000]) at com.baltimore.jcrypto.provider.crypto.signatures.JCRYPTO_RSAwithMD5Signature. init([DashoPro-V1.3-013000]) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorI mpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructor AccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:274) at java.lang.Class.newInstance0(Class.java:308) at java.lang.Class.newInstance(Class.java:261) at java.security.Security.doGetImpl(Security.java:1137) at java.security.Security.doGetImpl(Security.java:1084) at java.security.Security.getImpl(Security.java:1045) at java.security.Signature.getInstance(Signature.java:169) at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:425) at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:383) at sun.security.tools.KeyTool.addTrustedCert(KeyTool.java:1251) at sun.security.tools.KeyTool.doCommands(KeyTool.java:512) at sun.security.tools.KeyTool.run(KeyTool.java:124) at sun.security.tools.KeyTool.main(KeyTool.java:118) Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs at javax.crypto.SunJCE_b.clinit(DashoA6275) ... 20 more Caused by: java.security.PrivilegedActionException: java.security.cert.CertificateException: OIDs::getInstance() - Cannot find any provider supporting RSA at java.security.AccessController.doPrivileged(Native Method) ... 21 more Caused by: java.security.cert.Cer tificateException: OIDs::getInstance() - Cannot find any provider supporting RSA at com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate.verify([DashoPro- V1.3-013000]) at javax.crypto.SunJCE_b.c(DashoA6275) at javax.crypto.SunJCE_b.b(DashoA6275) at javax.crypto.SunJCE_s.run(DashoA6275) ... 22 more
Re: 5.0.18 + keytool
Yes, your message is getting through. I've never had that error, although I have almost the same config as you. I assume you've googled as well? On 02/20/2004 05:14 PM Stewart Walker wrote: Wondering if I my message is getting out there as as I've seen no response. Going to try again. Could really use your help getting past the below error while trying to setup/import a server certificate. The required jsse jar files are in $JAVA_HOME/jre/lib/ext The IBMJava was installed during the Linux install. As far as I can tell it isn't running anything and $JAVA_HOME/bin is first in the path. But I still wonder. keytool was run by root in $JAVA_HOME/bin Haven't done anything with apache yet our web based servlet app is working on 8080 with tomcat. Thanks. Linux ES 2.1 249-e.37 kernel j2sdk1.4.2_03 tomcat5.0.18 $PATH /usr/kerberos/sbin: /usr/kerberos/bin: /usr/java/j2sdk1.4.2_03/bin: /opt/IBMJava2-131/bin: /opt/IBMJava2-131/jre/bin: /usr/local/sbin:/sbin:/usr/sbin: /bin:/usr/bin:/usr/bin/X11: /usr/local/bin: /usr/bin: /usr/X11R6/bin: /root/bin: [EMAIL PROTECTED] ps aux |grep java root 2985 27.0 0.7 246712 29368 pts/5 S08:38 0:04 /usr/java/j2sdk1. root 2986 0.0 0.7 246712 29368 pts/5 S08:38 0:00 /usr/java/j2sdk1. this is just a snipit.. [EMAIL PROTECTED]/ca]#ls -l -rwxr-xr-x1 root apache785 Feb 18 10:16 ca.csr -rwxr-xr-x1 root apache887 Feb 18 10:16 ca.key -rwxr-xr-x1 root apache 1066 Feb 18 10:17 ca.pem [EMAIL PROTECTED] openssl req -new -newkey / rsa:1024 -nodes -out /usr/java/ssl/ca/ca.csr / -keyout /usr/java/ssl/ca/ca.key Using configuration from /usr/share/ssl/openssl.cnf Generating a 1024 bit RSA private key .++ ..++ writing new private key to '/usr/java/ssl/ca/ca.key' - ok works fine [EMAIL PROTECTED] openssl x509 -trustout / -signkey /usr/java/ssl/ca/ca.key / -days 720 -req -in /usr/java/ssl/ca/ca.csr / -out /usr/java/ssl/ca/ca.pem Signature ok subject=/C=US/ST=state/L=city/O=City state/OU=dept/CN=computer/Email=email Getting Private key ok works fine [EMAIL PROTECTED] keytool -import -keystore / $JAVA_HOME/jre/lib/security/cacerts / -file /usr/java/ssl/ca/ca.pem -alias test_ca Enter keystore password: changeit Exception in thread main java.lang.ExceptionInInitializerError at javax.crypto.Cipher.a(DashoA6275) at javax.crypto.Cipher.getInstance(DashoA6275) at com.baltimore.jcrypto.provider.crypto.signatures.RSASignature.init([DashoPro- V1.3-013000]) at com.baltimore.jcrypto.provider.crypto.signatures.JCRYPTO_RSAwithMD5Signature. init([DashoPro-V1.3-013000]) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorI mpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructor AccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:274) at java.lang.Class.newInstance0(Class.java:308) at java.lang.Class.newInstance(Class.java:261) at java.security.Security.doGetImpl(Security.java:1137) at java.security.Security.doGetImpl(Security.java:1084) at java.security.Security.getImpl(Security.java:1045) at java.security.Signature.getInstance(Signature.java:169) at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:425) at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:383) at sun.security.tools.KeyTool.addTrustedCert(KeyTool.java:1251) at sun.security.tools.KeyTool.doCommands(KeyTool.java:512) at sun.security.tools.KeyTool.run(KeyTool.java:124) at sun.security.tools.KeyTool.main(KeyTool.java:118) Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs at javax.crypto.SunJCE_b.clinit(DashoA6275) ... 20 more Caused by: java.security.PrivilegedActionException: java.security.cert.CertificateException: OIDs::getInstance() - Cannot find any provider supporting RSA at java.security.AccessController.doPrivileged(Native Method) ... 21 more Caused by: java.security.cert.Cer tificateException: OIDs::getInstance() - Cannot find any provider supporting RSA at com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate.verify([DashoPro- V1.3-013000]) at javax.crypto.SunJCE_b.c(DashoA6275) at javax.crypto.SunJCE_b.b(DashoA6275) at javax.crypto.SunJCE_s.run(DashoA6275) ... 22 more -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
