I am trying to use Windows Certificate Server to sign my client
certificates.

First I tried to use a certificate that was generated in IE, but that didn't
seem to work (has anyone gotten this to work before?), so now I am trying
certificates generated by IBM's keyman program.

These are the steps I take:

1.  In keyman, generate a key pair in a PKCS#12 file.
2.  Create a certificate request based on this key pair
3.  In Microsoft Certificate Server's certsrv webpage, select the following
options:
    - "Request a certificate"
    - "Advanced Request"
    - "Submit a certificate request using a base64 encoded PKCS #10 file or
a renewal request using a base64 encoded PKCS #7 file"
4.  Paste the certificate request into the window
5.  Issue the certificate request on the server
6.  In Microsoft Certificate Server's certsrv webpage, select "Check on a
pending certificate" and select the saved-request certificate
7.  Click on the "Download CA Certification Path" link, and save the
certnew.p7b file to disk
8.  In keyman, import the .p7b file.  This attaches itself to the original
key pair.
9.  Save the keystore as a .p12 file
10.  Import this .p12 file into IE
11.  Export the signing certificate from IE into a file called MyCA.cer
12.  Import this cer file into Java's cacerts keystore
13.  Restart Tomcat

At this stage everything should work, but it doesn't.  I can only get it to
work by exporting the new certificate itself into a .cer file and importing
that into the cacerts file.  For some reason, Tomcat doesn't trust Windows
Certificate Server's root certificate, or at least doesn't trust any
certificates signed by it, even after I have imported it into the cacerts
file.

Has anyone done this before?

Thanks
Martin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

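The step that fails here is the truststore lookup, so below is an added example (written for this page, not part of Martin's post and not Tomcat, keyman or Certificate Server code) of what a server-side trust manager actually checks when a client certificate arrives: it tries to build a signature-verified chain from the client certificate to some certificate in the truststore. The example builds a constructed toy PKI with Go's standard library: a root CA, a subordinate issuing CA, a client certificate issued by the subordinate, and an unrelated self-signed certificate standing in for a wrongly exported MyCA.cer. Every name in it is an assumption, and the subordinate CA is one too, since the post does not say how the Certificate Server CA is laid out; it is included because the certsrv "CA certification path" download is a PKCS#7 bundle that can carry more than one CA certificate, and the example shows why every certificate in that path has to be known to the verifier.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // increasing serial numbers for the constructed toy PKI

// mkCert issues a certificate for cn signed by parent; with a nil parent the
// certificate is self-signed (a root). Toy PKI for illustration only.
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // CAs may sign certificates
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// PKI holds the constructed certificates. Stray is an unrelated self-signed
// certificate that plays the role of "the wrong certificate exported from IE".
type PKI struct {
	Root, Sub, Client, Stray *x509.Certificate
}

func BuildPKI() PKI {
	root, rootKey := mkCert("Toy Root CA", true, nil, nil)
	sub, subKey := mkCert("Toy Issuing CA", true, root, rootKey)
	client, _ := mkCert("martin", false, sub, subKey)
	stray, _ := mkCert("Some Other Cert", true, nil, nil)
	return PKI{root, sub, client, stray}
}

// IssuedBy answers "is candidate really the certificate that signed leaf?":
// the issuer name must match candidate's subject and candidate's key must
// verify leaf's signature. This is the check to run on an exported CA cert.
func IssuedBy(leaf, candidate *x509.Certificate) bool {
	return leaf.Issuer.String() == candidate.Subject.String() &&
		leaf.CheckSignatureFrom(candidate) == nil
}

// TrustedBy does what a server's trust manager does with a client certificate:
// build a chain from leaf through intermediates to an anchor in truststore.
// A nil result means the client would be accepted.
func TrustedBy(leaf *x509.Certificate, intermediates, truststore []*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, c := range truststore {
		roots.AddCert(c)
	}
	inters := x509.NewCertPool()
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// IsUnknownAuthority reports whether a failure is "no path to a trust anchor",
// the Go counterpart of Java's "unable to find valid certification path".
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

func main() {
	p := BuildPKI()
	none := []*x509.Certificate{}
	fmt.Println("stray cert is the issuer?     ", IssuedBy(p.Client, p.Stray))
	fmt.Println("issuing CA is the issuer?     ", IssuedBy(p.Client, p.Sub))
	fmt.Println("truststore={stray}:           ", TrustedBy(p.Client, none, []*x509.Certificate{p.Stray}))
	fmt.Println("truststore={root}, no chain:  ", TrustedBy(p.Client, none, []*x509.Certificate{p.Root}))
	fmt.Println("truststore={root}, chain sent:", TrustedBy(p.Client, []*x509.Certificate{p.Sub}, []*x509.Certificate{p.Root}))
	fmt.Println("truststore={client itself}:   ", TrustedBy(p.Client, none, []*x509.Certificate{p.Client}))
}
```

The last line reproduces what Martin observed: a client certificate placed directly in the truststore is accepted without any chain building or signature check at all, so that workaround "works" but says nothing about whether the certificate that was imported as MyCA.cer is the real issuer. The two failing lines show the two ways the chain can break: the truststore holds a certificate that did not sign the client certificate, or it holds the root but an intermediate in the path is missing. IssuedBy is the check worth running on MyCA.cer against the newly issued client certificate before importing it; with the JDK tools, `keytool -printcert -file MyCA.cer` shows the subject to compare against the client certificate's issuer.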