users@glassfish.java.net

Re: Glassfish certificate chain

From: Serge Fonville <serge.fonville_at_gmail.com>
Date: Sun, 23 Aug 2009 22:01:30 +0200

> The only thing I can imagine is that I added subjectaltname to it.
> But apache starts without error and it works as expected...
>
> How do I generate a version 3 certificate then?
According to the docs on openssl.org for the ca command, when there is
an extensions section present it should automatically be
a version 3 certificate...

I added -extensions to the ca command. Now I have a v3 cert.
The next step is using the generated keystore file.
I'm not sure how I would go about doing that actually...

https://www.sergefonville.nl

Thanks for the help so far

Regards,

Serge Fonville

> --Commands--
> openssl genrsa -out ServerCertificates\private\sergefonville.nl.key
> openssl req -config openssl.cnf -new -key
> ServerCertificates\private\sergefonville.nl.key -out
> SiteCA\requests\sergefonville.nl.csr -days 365 -reqexts
> srv_sergefovnille_nl_cert
> openssl ca -config openssl.cnf -keyfile SiteCA\private\siteca.key
> -cert SiteCA\certs\siteca.pem -out
> ServerCertificates\certs\sergefonville.nl.pem -in
> SiteCA\requests\sergefonville.nl.csr -days 365 -name CA_site
>
> --Openssl.cnf--
> [ srv_sergefovnille_nl_cert ]
> basicConstraints = CA:FALSE
> nsComment = "Fonville IT Certificate"
> keyUsage = nonRepudiation, digitalSignature, keyEncipherment
> subjectAltName = @alt_sergefovnille_nl
>
> [ alt_sergefovnille_nl ]
> DNS.0 = www.sergefonville.nl
>
> Thanks for the help so far
>
> Regards,
>
> Serge Fonville
>
> On Sun, Aug 23, 2009 at 10:25 AM, Bruno Bonfils<asyd_at_asyd.net> wrote:
>> On Sat 22 August, Serge Fonville wrote:
>>> Hi,
>>>
>>> I figured out I needed to convert all of them to DER prior to importing them...
>>>
>>> I used: http://www.agentbob.info/agentbob/79-AB.html for the steps to
>>> importing the key.
>>>
>>> > What error do you have?
>>>
>>> I ran:
>>> --
>>> java ImportKey sergefonville.nl.key.der sergefonville.nl.der
>>>
>>> I got:
>>> --
>>> Using keystore-file : C:\Users\Serge Fonville\keystore.ImportKey
>>> java.security.cert.CertificateParsingException: no more data allowed
>>> for version 1 certificate
>>
>> Can you show your certificate? Seems you're using some extensions which
>> are not allowed in version 1 of x509 certificate, you probably should
>> use version 3 instead. How did you generate your certificate?
>>
>> --
>> http://asyd.net/home/    - Home Page
>> http://guses.org/home/   - French Speaking (Open)Solaris User Group
>> http://netvibes.com/asyd - Portal
>>
>
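
The condition discussed in this thread, extensions inside a certificate that does not declare version 3, can be checked directly on the DER file before importing it into a Java keystore. The following is an added example, not part of the original messages; the function names are hypothetical and the sample certificates are constructed skeletons with placeholder fields, not real certificates.

```python
def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def inspect_cert(der_bytes):
    """Report the declared X.509 version and whether extensions are present."""
    tag, cert, _ = read_tlv(der_bytes)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM input must be decoded first)")
    _, tbs, _ = read_tlv(cert)  # tbsCertificate is the first element
    tags, pos, version = [], 0, 1  # version defaults to v1 when [0] is absent
    while pos < len(tbs):
        t, body, pos = read_tlv(tbs, pos)
        if t == 0xA0 and not tags:  # [0] EXPLICIT Version, encoded as 0, 1 or 2
            version = int.from_bytes(read_tlv(body)[1], "big") + 1
        tags.append(t)
    has_ext = 0xA3 in tags  # [3] EXPLICIT Extensions
    return {"version": version, "has_extensions": has_ext,
            "mismatch": has_ext and version != 3}  # extensions are v3-only

def der(tag, content=b""):
    """Encode one short-form DER element (content under 128 bytes)."""
    return bytes([tag, len(content)]) + content

def sample_cert(version=None, with_ext=False):
    """Constructed skeleton: placeholder fields, no real names, key or signature."""
    tbs = der(0xA0, der(0x02, bytes([version - 1]))) if version else b""
    tbs += der(0x02, b"\x01")  # serialNumber
    tbs += der(0x30) * 5  # signature alg, issuer, validity, subject, public key
    if with_ext:
        tbs += der(0xA3, der(0x30))
    return der(0x30, der(0x30, tbs) + der(0x30) + der(0x03, b"\x00"))

if __name__ == "__main__":
    for label, cert in [("v1 with extensions", sample_cert(with_ext=True)),
                        ("v3 with extensions", sample_cert(3, True))]:
        print(label, inspect_cert(cert))
```

To use it on a real file, pass the bytes of the DER-encoded certificate to `inspect_cert`; a result with `mismatch` set to true means the certificate should be reissued as version 3.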