users@glassfish.java.net

RE: SSL server cert question

From: Martin Gainty <mgainty_at_hotmail.com>
Date: Mon, 8 Mar 2010 16:18:04 -0500

the only thing i can suggest is that issued certificates only work in a specific environment
copying one cert which is guaranteed to work on one machine and one set DN credentials wont work on another machine
with different (DN) credential set
it this is a valid certificate the certificate provider (VERISIGN?) should know exactly whats going on..contact them for
a solution

Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
 
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.




> Date: Mon, 8 Mar 2010 09:52:00 -0800
> From: Karen.Wu_at_Sun.COM
> To: users_at_glassfish.dev.java.net
> Subject: SSL server cert question
>
> Hi,
>
> I was trying to setup a new server certificate on one of our demo servers which has glassfish (Sun GlassFish Enterprise Server v2.1.1 Patch01) installed. And I got the production servrer certificate from the corp SSL Server site: https://wikis.sun.com/display/SunPKIstore/Corp+SSL+Server. However, after I installed the new cert, the .asadmintruststore file didn't get updated. According to the doc, I should be able to run any asadmin command to be prompted to accept the new cert, but none of the command prompt me, do you know what would cause this?
>
> I used the following command to install the new certificate:
> # ./certutil -A -n TestSSLCert -t "P,u,u" -d /opt/glassfishv2/domains/domain1/config -i /export/home/aries-app-server.cert
> # ./certutil -V -u V -d /opt/glassfishv2/domains/domain1/config -n TestSSLCert
> certutil: certificate is valid
> # ./certutil -L -n TestSSLCert -d /opt/glassfishv2/domains/domain1/config
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 34:36:00:30:55:0d:04:28:19:ab:43:94:8c:b2:3d:9d
> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
> Issuer: "CN=Sun Microsystems Inc SSL CA,OU=Class 3 MPKI Secure Server
> CA,OU=VeriSign Trust Network,O=Sun Microsystems Inc"
> Validity:
> Not Before: Tue Jan 05 00:00:00 2010
> Not After : Wed Jan 05 23:59:59 2011
> Subject: "CN=aries.demo.sun.com,OU=Class B,OU=Comms,O=Sun Microsystem
> s Inc.,L=Santa Clara,ST=California,C=US"
> Subject Public Key Info:
> Public Key Algorithm: PKCS #1 RSA Encryption
> RSA Public Key:
> Modulus:
> fa:a9:d7:74:d9:58:ff:d7:d3:ee:76:1c:3a:ed:52:25:
> 14:3e:e9:f6:69:ec:41:e0:8f:fd:94:13:b2:fa:6b:77:
> 53:89:17:2b:1d:ca:f7:e0:64:b6:ec:f5:2c:0b:56:e3:
> c1:ec:f1:a1:9e:85:37:69:eb:be:ed:f2:f2:8e:97:c5:
> b7:2c:da:2b:27:36:e0:e8:8f:91:ab:aa:bc:95:fb:44:
> 0d:72:06:fc:2e:f8:cf:09:93:be:b5:00:7d:07:8e:c9:
> c9:85:aa:91:96:10:ff:b5:e1:d5:23:9e:6a:cf:d6:28:
> f4:2b:7f:ab:ee:19:60:36:6e:f8:52:d2:c9:44:af:f1
> Exponent: 65537 (0x10001)
> Signed Extensions:
> Name: Certificate Basic Constraints
> Data: Is not a CA.
>
> Name: Certificate Subject Key ID
> Data:
> 12:05:b6:2b:d4:97:44:6c:7e:23:88:4a:75:cc:69:ae:
> ff:e0:a0:26
>
> Name: Certificate Authority Key Identifier
> Key ID:
> d7:dd:5e:81:be:cf:5c:e3:dc:d2:f2:8d:ed:04:b8:ac:
> 17:f9:01:fa
>
> Name: Certificate Key Usage
> Critical: True
> Usages: Digital Signature
> Key Encipherment
>
> Name: Extended Key Usage
> TLS Web Server Authentication Certificate
> TLS Web Client Authentication Certificate
>
> Name: Certificate Policies
> Data:
> Policy Name: Verisign Class 3 Certificate Policy
> Policy Qualifier Name: PKIX CPS Pointer Qualifier
> Policy Qualifier Data: "https://www.verisign.com/rpa"
> Policy Name: OID.2.16.840.1.113536.509.3647
> Policy Qualifier Name: PKIX CPS Pointer Qualifier
> Policy Qualifier Data: "https://www.sun.com/pki/cps"
> Policy Qualifier Name: PKIX User Notice Qualifier
> Display Text: "lidated For Sun Business Operations"
>
> Name: CRL Distribution Points
> URI: "http://SVRC3SecureSunMicrosystems-MPKI-crl.verisign.com/Sun
> MicrosystemsIncClassBUnified/LatestCRLSrv.crl"
>
> Name: Authority Information Access
> Method: PKIX Online Certificate Status Protocol
> Location:
> URI: "http://ocsp.verisign.com"
>
> Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
> Signature:
> 2f:13:e3:5a:5e:2d:ec:4e:c0:72:d0:e4:f6:09:61:85:
> e3:b6:76:03:00:df:d1:38:d5:91:e8:10:2a:50:d5:94:
> fa:ef:c2:bd:65:e7:fd:b9:2c:bf:3f:9a:77:32:b0:c6:
> f2:ac:83:37:58:53:15:65:2b:cd:b6:c3:ec:d1:56:7a:
> af:fa:cb:2e:7b:a8:78:7e:5b:20:f1:d1:0f:dd:ac:27:
> 07:10:b2:c3:5a:e8:78:54:77:82:f2:31:49:ba:ce:76:
> 39:da:7c:d6:0b:55:61:85:e6:4f:f8:9a:8a:8e:01:53:
> 31:3a:86:fc:1a:e9:16:61:bf:33:6a:2b:6c:21:3d:a9:
> 01:bf:e1:41:a8:91:8a:2f:d8:be:bc:91:d8:97:b3:d0:
> d9:79:9b:b9:45:eb:08:55:80:7d:06:e1:fd:32:1c:6b:
> e9:00:80:09:52:c1:f6:3f:c7:53:ea:c0:df:20:d2:fc:
> 88:f8:64:0d:79:1b:ba:14:b2:fd:23:62:df:66:fe:c3:
> fa:1c:17:ad:38:96:15:e5:94:41:6f:71:2e:44:80:62:
> 30:c4:b2:6f:4a:5c:41:e0:de:fb:c3:07:97:09:fe:86:
> 14:63:c8:d1:ba:a1:76:6a:e5:79:e1:1b:c6:bf:12:f5:
> 53:a0:54:8e:c0:33:21:37:88:df:ed:cd:fd:e9:47:07
> Fingerprint (MD5):
> F0:F4:22:3D:6D:47:C7:42:EB:6E:EE:F1:AA:11:48:78
> Fingerprint (SHA1):
> CE:F6:3F:FA:8D:09:2B:61:33:EC:7E:84:4B:65:4B:B1:92:7E:41:57
>
> Certificate Trust Flags:
> SSL Flags:
> Valid Peer
> Trusted
> Email Flags:
> Object Signing Flags:
>
> Any help is appreciated. Thanks,
> Karen
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
                                               
_________________________________________________________________
Hotmail: Powerful Free email with security by Microsoft.
http://clk.atdmt.com/GBL/go/201469230/direct/01/