users@glassfish.java.net

Re: Add a self-signed certificate to a truststore.

From: Erwin Rehme <erwin.rehme_at_oracle.com>
Date: Mon, 15 Mar 2010 16:27:23 -0600

Thanks Shing,

With the help of this web page I was able to get the certificate into
the db. Instead of using certutil to export the cert from the server, I
used pk12util. I was then able to import to my client app server db
using pk12util. This gave me a cert with "u,u,u" trust attributes.

Now my question is how do I get my .asadmintruststore updated with this
new cert? I tried deleting the .asadmintruststore file and running an
asadmin command but that only put the app server cert in and not the new
one.

-- Erwin

Shing Wai Chan wrote:
> You may like to read:
> http://developers.sun.com/appserver/reference/techart/keymgmt.html
> Shing Wai Chan
>
> On 3/15/10 10:08 AM, Erwin Rehme wrote:
>> I have some client code running in glassfish that needs to connect to a
>> server using SSL. I have been given the .rfc file for the self-signed
>> certificate of the server and I'm trying to add it to my
>> .asadmintruststore.
>>
>> The command:
>>
>> certutil -A -n SampleSSLServerCert -t "u,u,u" -d /opt/SUNWappserver/domains/domain1/config/ -i /SampleSSLServerCert.rfc
>>
>> adds the cert to the db but when I do:
>>
>> certutil -L -d /opt/SUNWappserver/domains/domain1/config
>>
>> I get:
>>
>> SampleSSLServerCert ,,
>>
>> and:
>>
>> certutil -V -u V -d /opt/SUNWappserver/domains/domain1/config -n SampleSSLServerCert
>>
>> says that the cert is invalid.
>>
>> If I use -t "P,P,P", the certificate is valid but when I delete
>> .asadmintruststore and run:
>>
>> asadmin list-jms-hosts
>>
>> I get a prompt that asks me if I want to trust the app server
>> certificate but I don't get a prompt to trust the self-signed
>> certificate.
>>
>> Does the self-signed cert need to be added to the db using -t "u,u,u"
>> and if so, how do I do that?
>>
>> If I can use -t "P,P,P" to get a valid cert into the db, how do I get
>> that self-signed cert into .asadmintruststore?
>>
>> Thanks for your help.
>>
>> -- Erwin
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>>