Can we programmatically create X.509 Certificate which contains arbitrary attributes e.g. Age, Gender, Designation etc.
I need to create Authorization Certificate, which client application will present to server application before executing the required function.
I am using Java and C#, so any solution/suggestion is good for me.
Have a look at this site for a start.
Create keystore
keytool -genkey -alias youralias -keyalg RSA -keypass yourpassword123 -keystore yourKeystoreRSAMD5 -storepass store123 -sigalg MD5WITHRSA -validity 9999 -dname "CN=Common Name, OU=XYZ, O=Your company name, L=Your Town, S=Region, C=Countryname"
Export cert file in PEM format
keytool -export -alias youralias -file rsamd5YourKey.cer -keystore yourKeystoreRSAMD5 -storepass store123
Related
I am trying to establish a secure connection for my application using jetty http server version 8.1.8.v20121106 with self signed certificate.
I am generating self signed certificate with the following command,
keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keypass password -keystore keystore.jks -storepass password
keytool -export -alias mykey -file server.cer -keystore keystore.jks -storepass password
keytool -import -alias mykey -file server.cer -keystore truststore.jks -storepass password
So, totally 3 files generate (keystore.jks,server.cer,truststore.jks)
After the server gets started, I got the following error in my browser. There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).
Could anyone help me to generate a trusted self signed certificate using keytool.
Thanks in advance.
It is the problem with java jdk. I have verified using java 1.8 and jdk1.7.0_79 it is working fyn for me. Change your java jdk version and verify. For further clarification, Please refer this link.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=398644
Good morning,
I recently requested a certificate from GoDaddy and they have sent me two sets of .pem and .spc files (SHA1 and SHA1) but when I try to import them to my codesignstore it says they are not X.509. Is there any way to convert them?
I used these commands to generate the files that I sent to GoDaddy.
Keystore
keytool -genkey -alias codesigncert -keyalg RSA -keysize 2048 -dname "CN=Corp,O=Corp,C=US,ST=FL,L=Orlando" -keystore codesignstore
Certificate Request
keytool -certreq -v -alias codesigncert -file codesign.pem -keystore codesignstore
Import
keytool –import –alias codesignecert –file NAME_OF_FILE_FROM_GODADDY –keystore codesignstore
I tried importing a trustcert using the below command and it worked for me.
keytool.exe -import -trustcacerts -alias "cert_alias_name" -file cert.pem -keystore "C:/Program Files/Java/jre1.8.0_291/lib/security/cacerts" -srcstorepass changeit -deststorepass changeit -v -noprompt
Certificate was added to keystore
[Storing C:/Program Files/Java/jre1.8.0_291/lib/security/cacerts]
[EDIT]
I used those two commands to generate the csr:
keytool -genkey -alias tomcat -keyalg RSA -keystore XY.key
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore XY.key
gd_bundle-g2-g1.crt has 3 blocks in it, the other two have only 1.
[/EDIT]
I want to install the certificates. I want to use:
keytool -import -alias [AB] -keystore [CD.key] -trustcacerts -file [EF.crt]
I know CD; that's the keystore I generated, but what alias (AB) is correct for which certificate (EF)? The three certificates I get are:
b715e55ecaeeba39.crt
gd_bundle-g2-g1.crt
gdig2.crt
And after I did that correctly, am I right by using the:
keytool -import -alias tomcat -keystore <your_keystore_filename> -file certreq.csr
The file with which I requested the Certificate?
Thank you for your help.
You can use any alias you want as long as you specify it in the server.xml file (parameter keyAlias, case sensitive).
tomcat seems to be the default alias : https://docs.jboss.org/jbossweb/7.0.x/ssl-howto.html
I've been working on a client API using QuickFIX and I'm planning to use SSL and certificate based authentication. I generated self signed certificates for acceptor and initiator the following way:
1) Generate and export server/acceptor certificate:
keytool -genkeypair -keyalg RSA -keysize 2048 -alias server -keystore server.jks
keytool -export -alias server -file server.cer -keystore server.jks
2) Generate and export client/initiator certificate:
keytool -genkeypair -keyalg RSA -keysize 2048 -alias client -keystore client.jks
keytool -export -alias client -file client.cer -keystore client.jks
3) Import server/acceptor certificate to client keystore:
keytool -import -v -trustcacerts -alias server -file server.cer -keystore client.jks
4) Import client/initiator certificate to server/acceptor keystore:
keytool -import -v -trustcacerts -alias client -file client.cer -keystore server.jks
Acceptor config:
SocketUseSSL=Y
SocketKeyStore=server.jks
SocketKeyStorePassword=password
Initiator config:
SocketUseSSL=Y
SocketKeyStore=client.jks
SocketKeyStorePassword=password
Everything seems to work fine and data is getting encrypted. However, if I remove the initiator's client.jks keystore file, I will get a QuickFIX log entry saying "client.jks: keystore not found, using empty keystore". Strange thing, the initiator is still able to connect and establish a valid FIX session. I would expected the connection to be dropped immediately since no valid certificate is provided. Am I missing something?
The client certificate is not required by default, you must set this:
NeedClientAuth=Y
I can't make my weblogic 11g to work on https. The problem is with identity keystore. How should I create identity keystore? I have private key, web server certificate and intermediate certificate in pem format. I import private key and certificates like this:
keytool -import -keystore myIdentity.jks -storepass mypass -storetype JKS -alias myPrivateKey -file mykey.pem -keypass mypass
keytool -import -keystore myIdentity.jks -storepass mypass -storetype JKS -alias mycert -trustcacerts -file certificate.pem -keypass mypass
I am dummy at this and don't know what is wrong
Generate the IdentityStore :
keytool -genkey -keystore myIdentityStore.jks -storepass welcome1 -alias dummy -dname CN="dummy,C=FR" -keypass welcome1
Import certificates in the TrustStore
keytool -import -v -noprompt -trustcacerts -alias myCertificateAliasName -file myCertificateLocation -keystore myTrustStore.jks -storepass welcome1
Configure your weblogic Server :
Environment -> Servers – AdminServer -> Keystores, then
Change Demo Identity and Demo Trust to Custom Identity and Custom Trust.
Also, change those values for Identity
Custom Identity Keystore : $OSB_HOME/vesiKeyStore/vesiIdentityStore.jks,
Custom Identity Keystore Type : JKS,
Confirm Custom Identity Keystore Passphrase :welcome1.
Do the same for Trust.
restart the server.
Found very useful:
This link
I generated keystore with IBM Keyman and solved my problems.