users@glassfish.java.net

Re: Glassfish certificate chain

From: Serge Fonville <serge.fonville_at_gmail.com>
Date: Sun, 23 Aug 2009 11:12:53 +0200

Hi,

The only thing I can imagine is that I added subjectaltname to it.
But apache starts without error and it works as expected...

How do I generate an version 3 certificate then?

--Commands--
openssl genrsa -out ServerCertificates\private\sergefonville.nl.key
openssl req -config openssl.cnf -new -key
ServerCertificates\private\sergefonville.nl.key -out
SiteCA\requests\sergefonville.nl.csr -days 365 -reqexts
srv_sergefovnille_nl_cert
openssl ca -config openssl.cnf -keyfile SiteCA\private\siteca.key
-cert SiteCA\certs\siteca.pem -out
ServerCertificates\certs\sergefonville.nl.pem -in
SiteCA\requests\sergefonville.nl.csr -days 365 -name CA_site

--Openssl.cnf--
[ srv_sergefovnille_nl_cert ]
basicConstraints = CA:FALSE
nsComment = "Fonville IT Certificate"
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_sergefovnille_nl

[ alt_sergefovnille_nl ]
DNS.0 = www.sergefonville.nl

Thanks for the help so far

Regards,

Serge Fonville

On Sun, Aug 23, 2009 at 10:25 AM, Bruno Bonfils<asyd_at_asyd.net> wrote:
> On Sat 22 August, Serge Fonville wrote:
>> Hi,
>>
>> I figured out I needed to convert all of them to DER prior to importing them...
>>
>> I used: http://www.agentbob.info/agentbob/79-AB.html for the steps to
>> importing the key.
>>
>> > What error do you have?
>>
>> I ran:
>> --
>> java ImportKey sergefonville.nl.key.der sergefonville.nl.der
>>
>> I got:
>> --
>> Using keystore-file : C:\Users\Serge Fonville\keystore.ImportKey
>> java.security.cert.CertificateParsingException: no more data allowed
>> for version 1 certificate
>
> Can you show your certificate? Seem you're using some extensions which
> are not allowed in version 1 of x509 certificate, you probably should
> use version 3 instead. How you generated your certificate?
>
> --
> http://asyd.net/home/    - Home Page
> http://guses.org/home/   - French Speaking (Open)Solaris User Group
> http://netvibes.com/asyd - Portal
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.