[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Fwd: Re: SSL Problems
Reviving an old thread.
I did exactly what you've described. Generated a certificate for a
trusted CA using Microsoft Certificate Server and imported it into the
jre/lib/security/cacerts file. Then I had the trusted CA issue a
certificate which I exported to a certificate file. However, when I try
to use this certificate through my java application, the runtime
complains:
java.io.IOException: Invalid keystore format
I am assuming this is because the certificate issued by the Microsoft
Certificate server is in an incompatible format.
How can I get around this problem?
Thanks,
Arpit.
--- Brian Lee <brian_a_lee@hotmail.com> wrote:
> You have to import the certificate authority (ca)
> cert that signed the
> current ssl session's cert to your trusted certs
> directory.
>
> I believe you can do this by modifying the
> jre/lib/security/cacerts file
> with your ca cert. You can use sun's keytool for
> this.
>
http://java.sun.com/docs/books/tutorial/security1.2/summary/tools.html
>
> In order to create your own certificate you must
> create a certificate
> authority cert that you use to sign your custom
> certs. I always used
> Microsoft's Certificate Server from the NT4 Option
> Pack, but there's tons of
> other certs softwares out there.
>
> The idea behind the certificate authority is that
> they are supposed to
> verify that you own the domain the certificate is
> assigned to. This prevents
> bad hackers from pretending to be your domain with
> their own certificate.
> The reality is that VeriSign costs anywhere from
> $400 up for one cert and
> sometimes you just need encryption on your own apps
> or for your own
> application (a la hushmail).
>
> BAL
>
> >From: cfowler <cfowler@outpostsentinel.com>
> >To: Jefferson Silva
> <Jefferson.Silva@eldorado.org.br>
> >CC: ajug-members@ajug.org
> >Subject: Re: SSL Problems
> >Date: 03 Feb 2003 11:28:58 -0500
> >
> >I'll forward this to the list for more reponses.
> >
> >A while back I did get a response and sample code.
> But that code
> >overrode deprecated methods. And that did not
> work.
> >
> >
> >
> >On Mon, 2003-02-03 at 11:13, Jefferson Silva wrote:
> > > Hi,
> > >
> > > I'm trying to create a client to access my
> server, and I got the same
> > > problem
> > > you got some time. I saw your post to the forum.
> Have you got a solution
> > > for your problem ? If so, could you help me ?
> > >
> > > I'm trying to do almost the same you've tried.
> > >
> > > Thanks a lot
> > > Regards,
> > > Jefferson
> > >
> > >
> > > SSL Refusal
> > >
> > > * To: ajug-members@ajug.org
> <mailto:ajug-members@ajug.org>
> > > * Subject: SSL Refusal
> > > * From: "Christopher Fowler"
> <cfowler@outpostsentinel.com
> > > <mailto:cfowler@outpostsentinel.com>>
> > > * Date: Tue, 08 Oct 2002 17:47:46 -0400
> > > * Reply-To: cfowler@outpostsentinel.com
> > > <mailto:cfowler@outpostsentinel.com>
> > >
> > > I use https on my server but do not have a
> trusted certificate. I use
> > > it strictly for the encryption capabilites. Do
> I need to enable a
> > > switch in the URL connection to be able to get
> past this error:
> > >
> > >
> > > javax.net.ssl.SSLHandshakeException:
> > > java.security.cert.CertificateException:
> Couldn't find trusted
> > > certificate
> > > at
>
com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
> > > at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > > at
>
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > at
>
com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
> > > at com.sun.net.ssl.int
> > >
> > >
>
>
>
--
<Your favorite quote here>