users@glassfish.java.net

RE: Re: SSL Mutual Authentication via JAX-WS

From: Drinkwater, GJ (Glen)
Date: Fri, 4 May 2007 16:02:31 +0100

Hi
 
These are the steps I used; what steps did you do differently?
 
1) http://users.skynet.be/ballet/joris/SimpleCA/ and create a simple
root certificate and a user credential

2) Converted the pkcs12 file using globus toolkit into a java jks
keystore
 
$ keytool.exe" -list -keystore simple.jks -v
Enter keystore password:
 
Keystore type: JKS
Keystore provider: SUN
 
Your keystore contains 1 entry
 
Alias name: globus
Creation date: 26-Apr-2007
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: EMAILADDRESS=simple_at_s.com, CN=glen simple
Issuer: EMAILADDRESS=democa_at_democa.com, CN=SimpleCA Demo CA, OU=Demo CA, O=SimpleCA, L=GB, ST=England, C=GB
Serial number: 1000
Valid from: Thu Apr 26 16:55:49 BST 2007 until: Fri Apr 25 16:55:49 BST 2008
Certificate fingerprints:
         MD5: 42:7D:75:8D:AC:7C:16:EF:30:22:F8:D1:2A:65:88:22
         SHA1: 76:AD:7B:63:B4:16:CA:2E:3A:F1:84:3C:C1:6B:2E:9C:03:E1:F2:55
         Signature algorithm name: MD5withRSA
         Version: 3
 
Extensions:
 
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]
 
#2: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
  emailProtection
]
 
#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: BD 9D CA A5 47 D5 AC 3B 48 01 D5 F3 DF 96 46 DD  ....G..;H.....F.
0010: B4 ED 06 02 ....
]
 
]
 
#4: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  RFC822Name: simple_at_s.com
]
 
 
 
*******************************************
*******************************************

3) Export the simple CA cert from keystore
 
keytool -export -alias globus -file simple.crt -keystore simple.jks
 
4) Import this into cacerts for glassfish
 
keytool -import -keystore glassfish\domains\domain1\config\cacerts.jks -file simple.crt -trustcacerts
 
5) Restart glassfish
 
6) Run application with VM options and again I get the same error. I
then try to add the root simpleCA to cacerts and again it fails.
 
   -Djavax.net.ssl.trustStore=${truststore.location}
   -Djavax.net.ssl.trustStorePassword=${ssl.password}
   -Djavax.net.ssl.keyStore=${keystore.location}
   -Djavax.net.ssl.keyStorePassword=${ssl.password}
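
A way to inspect the result of steps 2 to 4 before restarting the server, as an added example that is not part of the original message: this Java program lists each private-key entry in a client keystore and reports whether the leaf certificate, or the issuer of the top certificate in its chain, is present in a given truststore. The class name, helper names and argument order are assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

// Added diagnostic, not from the original message. Args: <keystore.jks> <pass> <truststore.jks> <pass>
public class CheckMutualAuthStores {
    static KeyStore load(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    // True if some trusted certificate has the issuer's name and its key verifies cert's signature.
    static boolean issuerTrusted(X509Certificate cert, KeyStore trust) throws Exception {
        for (String alias : Collections.list(trust.aliases())) {
            if (!(trust.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate ca = (X509Certificate) trust.getCertificate(alias);
            if (!ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try { cert.verify(ca.getPublicKey()); return true; }
            catch (GeneralSecurityException sameNameDifferentKey) { /* keep looking */ }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyStore keys = load(args[0], args[1]);
        KeyStore trust = load(args[2], args[3]);
        for (String alias : Collections.list(keys.aliases())) {
            if (!keys.isKeyEntry(alias)) continue;  // only private-key entries can authenticate a client
            Certificate[] chain = keys.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            X509Certificate top = (X509Certificate) chain[chain.length - 1];
            List<String> eku = leaf.getExtendedKeyUsage();  // null means no EKU restriction
            System.out.println("alias=" + alias + " chainLength=" + chain.length
                    + " subject=" + leaf.getSubjectX500Principal());
            System.out.println("  top-of-chain issuer: " + top.getIssuerX500Principal());
            // 1.3.6.1.5.5.7.3.2 is the id-kp-clientAuth extended key usage OID
            System.out.println("  clientAuth permitted: " + (eku == null || eku.contains("1.3.6.1.5.5.7.3.2")));
            System.out.println("  leaf itself in truststore: " + (trust.getCertificateAlias(leaf) != null));
            System.out.println("  issuer of top cert in truststore: " + issuerTrusted(top, trust));
        }
    }
}
```

Run it with the client keystore as the first store and the server's cacerts.jks as the truststore, which is the direction the server checks when it requests a client certificate.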