users@glassfish.java.net

Peer's public key is invalid. certutil

From: <glassfish_at_javadesktop.org>
Date: Tue, 23 Dec 2008 21:20:18 PST

I'm getting the following error while signing a client certificate using the CA certificate. I'm able to sign the server certificate, but when I tried to sign the client certificate it gives me "certutil: unable to retrieve key SSLTestDEV: Peer's public key is invalid. certutil: could not obtain certificate from file: Peer's public key is invalid."

I'm using the enterprise edition of Sun Java System Application Server Enterprise Edition 8.1_02 (build b35-p17) on a Solaris server.

ON SERVER MACHINE

Command I used to create the CA certificate:
/opt/SUNWappserver/appserver/lib/certutil -S -x -1 -2 -5 -m 100 -t "TCu,Cu,Cu" -s "CN=sapp81, OU=bbb.com, O=bbb LTD., L=Mumbai, ST=MA, C=IN" -n SSLTestCA -v 6 -d /var/opt/SUNWappserver/domains/ssl_server/config/

Command I used to create the server certificate using the above CA:

/opt/SUNWappserver/appserver/lib/certutil -S -c SSLTestCA -m 101 -t "Pu,Pu,Pu" -s "CN=ind-mhp1sunz59.bbb.com, OU=bbb.com, O=bbb LTD., L=Mumbai, ST=MA, C=IN" -n SSLTestDEV -v 12 -d /var/opt/SUNWappserver/domains/ssl_server/config

Command I used to extract the CA certificate from the NSS DB:

/opt/SUNWappserver/appserver/lib/certutil -L -n SSLTestCA -r -o SSLTestCA.cert -d /var/opt/SUNWappserver/domains/ssl_server/config

Command I used to change the CA certificate attributes:

/opt/SUNWappserver/appserver/lib/certutil -A -n SSLTestCA -t "CT,C,C" -i SSLTestCA.cert -d /var/opt/SUNWappserver/domains/ssl_server/config

ON CLIENT MACHINE

I copied the CA certificate to the client server, then I exported the CA certificate to the client NSS DB:
/opt/SUNWappserver/appserver/lib/certutil -A -n SSLTestCA -t "CT,C,C" -i SSLTestCA.cert -d /var/opt/SUNWappserver/domains/ssl_client/config

TILL THIS IT WORKS FINE.

But when I try to create and sign the client certificate using the following command

/opt/SUNWappserver/appserver/lib/certutil -S -c SSLTestCA -m 3003 -t "Pu,Pu,Pu" -s "cn=ccc, ou=bbb.com, C=IN" -n SSLClient1 -v 12 -d .
it gives me the following error.

certutil: unable to retrieve key SSLTestCA : Peer's public key is invalid. certutil: could not obtain certificate from file: Peer's public key is invalid.

Can anybody please help me solve this mystery?
[Message sent by forum member 'kuwaronline' (kuwaronline)]

http://forums.java.net/jive/thread.jspa?messageID=323172
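
An added example, not part of the original post or of any GlassFish or NSS documentation: `certutil -S -c <issuer>` signs with the issuer's private key from the `-d` database, and the steps in the post import only the CA certificate (`-A`) on the client side, so that database has no CA key to sign with. The sketch below checks for that condition and runs the request/sign/import flow that keeps the CA key on the server. Paths and nicknames are taken from the post; the function names and the request/certificate file arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and nicknames come from the
# post; function names and request/certificate file arguments are assumptions.
CERTUTIL=${CERTUTIL:-/opt/SUNWappserver/appserver/lib/certutil}
SERVER_DB=${SERVER_DB:-/var/opt/SUNWappserver/domains/ssl_server/config}
CLIENT_DB=${CLIENT_DB:-/var/opt/SUNWappserver/domains/ssl_client/config}
CA_NICK=${CA_NICK:-SSLTestCA}

# True only if database $1 holds both the certificate and the private key for
# nickname $2. -K lists private keys and may prompt for the database password.
can_sign_with() {
    "$CERTUTIL" -L -d "$1" -n "$2" >/dev/null 2>&1 || return 1
    "$CERTUTIL" -K -d "$1" | grep -q -- "$2"
}

# Client machine: generate the key pair in the client database and write a
# certificate request. The client private key never leaves this database.
make_request() {    # $1 = subject DN, $2 = request file to write
    "$CERTUTIL" -R -s "$1" -o "$2" -d "$CLIENT_DB"
}

# Server (CA) machine: sign the request with the CA key held in SERVER_DB.
sign_request() {    # $1 = request file, $2 = cert file, $3 = serial, $4 = months
    can_sign_with "$SERVER_DB" "$CA_NICK" || {
        echo "no private key for $CA_NICK in $SERVER_DB" >&2
        return 1
    }
    "$CERTUTIL" -C -c "$CA_NICK" -i "$1" -o "$2" -m "$3" -v "$4" -d "$SERVER_DB"
}

# Client machine: import the signed certificate next to its private key.
import_cert() {     # $1 = nickname, $2 = signed certificate file
    "$CERTUTIL" -A -n "$1" -t "u,u,u" -i "$2" -d "$CLIENT_DB"
}
```

Only the request file and the signed certificate move between the two machines; the CA private key stays in the server database.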