Search Results

Search found 81 results on 4 pages for 'keytool'.

Page 1/4 | 1 2 3 4  | Next Page >

  • Failed to create symbolic link to keytool

    - by mt0s
    Keytool is /usr/bin/keytool and points to /etc/alternatives/keytool which in turn points to /usr/lib/jvm/java-6-openjdk-i386/jre/bin/keytool. Now I have installed java version 1.7.0_45 so I need to change keytool to the new path : /usr/lib/jvm/jdk1.7.0_45/jre/bin/keytool I tried deleting the /usr/bin/keytool with rm -rf and then adding a new link like : sudo ln -s /usr/bin/keytool /usr/lib/jvm/jdk1.7.0_45/jre/bin/keytool but what I get is ln: failed to create symbolic link `/usr/lib/jvm/jdk1.7.0_45/jre/bin/keytool': File exists I also tried : sudo update-alternatives --config keytool There is only one alternative in link group keytool: /usr/lib/jvm/java-6-openjdk-i386/jre/bin/keytool Nothing to configure. update-alternatives: warning: forcing reinstallation of alternative /usr/lib/jvm/java-6-openjdk-i386/jre/bin/keytool because link group keytool is broken. but doesn't works too. Any suggestions ? Thank you

    Read the article

  • Generate a certificate with Openssl and import the same certificate using keytool

    - by Safari
    I have a question about the SSL during the use of CAS in LIferay. I have generate the certificate using Openssl (I flollowed this tutorial) on my CAS Server and now I would to import the certificate using keytool on the Liferay machine. To import the certificate with keytool I use this command: keytool -import -alias tomcatLiferay -file /myopensslcertificate.crt But when I import the .crt certificate file and I check the CAS connection I get the message: SSL Error. IF I try to generate the certificate using keytool (keytool -genkey...) on the CAS server end I import this certificate using keytool -import .... I can connect to the CAS server and I not see any errors... I think that I use a wrong way to generate the certificate with openssl or a wrong way to import the certificate (generated with openssl) with keytool.

    Read the article

  • keytool.exe is not a valid win32 application MD5, access denied

    - by user1015086
    Whenever I use any of those commands, I get "keytool.exe is not a valid win32 application" error, even when I open keytool.exe independently as an exe file. C:\Program Files(x86)\Java\jre6\bin>keytool.exe -list -alias androiddebugkey -keystore "C:\Users\ti7a\.android\debug.keystore" -storepass android -keypass android keytool -list -keystore "C:\Users\ti7a\.android\debug.keystore" C:>cd C:\Program Files\Java\jre6\bin keytool -list -alias androiddebugkey -key store "C:\Users\ti7a\.android\debug.keystore" -storepass andro id -keypass android

    Read the article

  • Keytool and SSL Apache config

    - by Safari
    I have a question about SSL certificate... I have generate a certificate using this keytool command.. keytool -genkey -alias myalias -keyalg RSA -keysize 2048 and I used this command to export the certificate keytool -export -alias myalias -file certificate.crt So, I have a file .crt Now I would to configure my Apache ssl module. I need to use keytool...At the moment I can't to use Openssl How can I configure the module if I have only this certificate.crt file? I see these sections in my ssl.conf # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. #SSLCertificateFile /etc/pki/tls/certs/localhost.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt How can I configure the correct section?

    Read the article

  • java keytool question

    - by user384706
    Hi, I created a java keystore programmatically of type jks (i.e. default type). It is initially empty so I created a DSA certificate. keytool -genkey -alias myCert -v -keystore trivial.keystore How can I see the public and private keys? I.e. is there a command that prints the private key of my certificate? I could only find keytool -certreq which in my understanding prints the certificate as a whole: -----BEGIN NEW CERTIFICATE REQUEST----- MIICaTCCAicCAQAwZTELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkdyZWVjZTEPMA0GA1UEBxMGQXRo BQADLwAwLAIUQZbY/3Qq0G26fsBbWiHMbuVd3VICFE+gwtUauYiRbHh0caAtRj3qRTwl -----END NEW CERTIFICATE REQUEST----- I assume this is the whole certificate. How can I see private (or public key) via keytool? Thank you

    Read the article

  • Android–Finding your SDK debug certificate MD5 fingerprint using Keytool

    - by Bill Osuch
    I recently upgraded to a new development machine, which means the certificate used to sign my applications during debug changed. Under most circumstances you’ll never notice a difference, but if you’re developing apps using Google’s Maps API you’ll find that your old API key no longer works with the new certificate fingerprint. Google's instructions walk you through retrieving the MD5 fingerprint of your SDK debug certificate - the certificate that you’re probably signing your apps with before publishing, but it doesn't talk much about the Keytool command. The thing to remember is that Keytool is part of Java, not the Android SDK, so you'll never find it searching through your Android and Eclipse directories. Mine is located in C:\Program Files\Java\jdk1.7.0_02\bin so you should find yours somewhere similar. From a command prompt, navigate to this directory and type: keytool -v -list -keystore "C:/Documents and Settings/<user name>/.android/debug.keystore" That’s assuming the path to your debug certificate is in the typical location. If this doesn’t work, you can find out where it’s located in Eclipse by clicking Window –> Preferences –> Android –> Build. There's no need to use the additional commands shown on Google's page. You'll be prompted for a password, just hit enter. The last line shown, Certificate fingerprint, is the key you'll give Google to generate your new Maps API key. Technorati Tags: Android Mapping

    Read the article

  • Keystore in PKCS12 format seems empty to keytool, but is read by Firefox?!

    - by hjh
    I have a problem with a keystore in pkcs12 format, which contains a private key I need to use to authenticate myself (using mutual authentication) to a remote SSL server. The keystore file can be read perfectly fine by Firefox, and when used, I can access the remote server without problems. However, my Java program does not work with the keystore file. And if I use keytool to list keys inside the file, it seems empty -- while it is clearly not! How can I get Java/keytool to see the private key inside the keystore?

    Read the article

  • How to generate, sign and import SSL certificate from Java

    - by Demiurg
    I need to generate a self signed certificates at run time, sign them and import to the Java keystore. I can do this using "keytool" and "openssl" from command line in the following way: keytool -import -alias root -keystore keystore.txt -file cacert.pem keytool -genkey -keyalg RSA -keysize 1024 -alias www.cia.gov -keystore keystore.txt keytool -keystore keystore.txt -certreq -alias www.cia.gov -file req.pem openssl x509 -req -days 3650 -in req.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out reqsigned.pem keytool -import -alias www.cia.gov -keystore keystore.txt -trustcacerts -file reqsigned.pem I can, of course, ship my application with keytool and openssl binaries and execute the above commands from Java, but I'm looking for a cleaner approach which would allow me to do all of the above using pure Java. Any libraries I can use ?

    Read the article

  • Sun Java keytool importing EV certificates into a single keystore

    - by ss0
    At my current job we are using tomcat, customers have custom web portals setup on their own local machines. EV certs are new to me, they have 2 part intermediary and a primary certificate. For our product to work it appears I need to get all three parts installed under a single keystore entry. How can I roll all three parts into a single x.509 compliant file for import? They syntax I am using is as follows: /blah/system/j2sdk/bin/keytool -import -alias foo -keystore /zix/system/jdk1.5.0_06/jre/lib/security/cacerts -file certname.pem -trustcacerts where foo = the keystore name and certname.pem is the main cert. I have tried importing the intermediate certs under their own names into the keystore and I don't know if it's just the product I have to work with (not vanilla tomcat) or what but it doesn't see those. I have seen a working system and all three certs were under the single keystore alias. Anyone have any ideas?

    Read the article

  • Cant find the android keytool

    - by Tim
    Hi all I am trying to follow the Android mapping tutorial and got to this part where I had to get an API key http://code.google.com/android/add-ons/google-apis/mapkey.html#getdebugfingerprint I have found my debug.keystore but there does not appear to be a keytool application in the directory: C:\Documents and Settings\tward\.androidls adb_usb.ini avd debug.keystore repositories.cfg androidtool.cfg ddms.cfg default.keyset There is also no keytool in this directory: C:\Android\android-sdk-windows\toolsls AdbWinApi.dll apkbuilder.bat etc1tool.exe mksdcard.exe AdbWinUsbApi.dll ddms.bat fastboot.exe source.properties Jet dmtracedump.exe hierarchyviewer.bat sqlite3.exe NOTICE.txt draw9patch.bat hprof-conv.exe traceview.bat adb.exe emulator.exe layoutopt.bat zipalign.exe android.bat emulator_NOTICE.txt lib I am using eclipse as my editor and believe that I have downloaded all the latest SDK What am I doing wrong? Thanks for your time Tim

    Read the article

  • Extract cert and private key from JKS keystore to use it in Apache2 httpd

    - by momo
    I tried to find this but no luck. I created a JKS keystore and generated a CSR, then imported the signed cert and intermediate and root CA certs. Used this keystore on Tomcat without problems. Now I want to use the same cert for Apache2 http server on the same machine. I actually want to set up mod_jk to redirect /*.jsp and servlets paths to Tomcat and serve the static content and PHP from Apache2. I tried to convert JKS to PKCS12 with keytool to afterwards handle it with openssl with a command like this: keytool -importkeystore -srckeystore foo.jks \ -destkeystore foo.p12 \ -srcstoretype jks \ -deststoretype pkcs12 The problem is only the cert is exported but not the rest of the chain. I actually used this keystore on Apache and it complained about key and cert don't matching (not sure if it's related to the chain or not). Can anyone point me on the right direction? I am not a server guy and I am kinda lost with all this things :-(

    Read the article

  • Generate a use a Openssl certificate in Tomcat

    - by Safari
    I need to enable SSL on my Tomcat and Apache so I need to generate the (self-signed) certificate using Openssl tool end, about Tomcat, I need to import the certificate using keytool. I know that is necessary to convert (openssl) certificate to Tomcat compatible format. So I need to Use OpenSSL to convert the certificate into an PKCS12 keystore an I need to Import this keystore using keytool and export as Tomcat compatible keystore. But I not understood how can I convert a my certificate (generated with Openssl) into a requested Tomcat format? is possible to explain me all the steps to reach my goal? thanks

    Read the article

  • iPack -The iOS Application Packager

    - by user13277780
    iOS applications are distributed in .ipa archive files. These files are regular zip files which contain application resources and executable-s. To protect them from unauthorized modifications and to provide identification of their sources, the content of the archives is signed. The signature is included in the application executable of an.ipa archive and protects the executable file itself and the associated resource files. Apple provides native Mac OS tools for signing iOS executable-s (which are actually generic Mach-O code signing tools), but these tools are not generally available on other platforms. To provide a multi-platform development environment for JavaFX based iOS applications, we ported iOS signing and packaging to Java and created a dedicated ipack tool for it. The iPack tool can be used as a last step of creating .ipa package on various operating systems. Prototype has been tested by creating a final distributable for JavaFX application that runs on iPad, all done on Windows 7. Source Code The source code of iPac tool is in OpenJFX project repository. You can find it in: <openjfx root>/rt/tools/ios/Maven/ipack To build the iPack tool use: rt/tools/ios/Maven/ipack$ mvn package After building, you can run the tool: java -jar <path to ipack.jar> <arguments>  Signing keystore The tool uses a java key store to read the signing certificate and the associated private key. To prepare such keystore users can use keytool from JDK. One possible scenario is to import an existing private key and the certificate from a key store used on Mac OS: To list the content of an existing key store and identify the source alias: keytool -list -keystore <src keystore>.p12 -storetype pkcs12 -storepass <src keystore password> To create Java key store and import the private key with its certificate to the keys store: keytool -importkeystore \ -destkeystore <dst keystore> -deststorepass <dst keystore password> \ -srckeystore <src keystore>.p12 -srcstorepass <src keystore password> -srcstoretype pkcs12 \ -srcalias <src alias> -destalias <dst alias> -destkeypass <dst key password> Another scenario would be to generate a private / public key pair directly in a Java key store and create a certificate request from it. After sending the request to Apple one can then import the certificate response back to the Java key store and complete the signing certificate entry. In both scenarios the resulting alias in the Java key store will contain only a single (leaf) certificate. This can be verified with the following command: keytool -list -v -keystore <ipack keystore> -storepass <keystore password> When looking at the Certificate chain length entry, the number next to it is 1. When an executable file is signed on Mac OS, the resulting signature (in CMS format) includes the whole certificate chain up to the Apple Root CA. The ipack tool includes only the chain which is stored under the alias specified on the command line. So to have the whole chain in the signature we need to replace the single certificate entry under the alias with the corresponding full certificate chain. To do that we need first to create the chain in a separate file. It is easy to create such chain when working with certificates in Base-64 encoded PEM format. A certificate chain can be created by concatenating PEM certificates, which should form the chain, into a single file. For iOS signing we need the following certificates in our chain: Apple Root CA Apple Worldwide Developer Relations CA Our signing leaf certificate To convert a certificate from the binary DER format (.der, .cer) to PEM format: keytool -importcert -noprompt -keystore temp.ks -storepass temppwd -alias tempcert -file <certificate>.cer keytool -exportcert -keystore temp.ks -storepass temppwd -alias tempcert -rfc -file <certificate>.pem To export the signing certificate into PEM format: keytool -exportcert -keystore <ipack keystore> -storepass <keystore password> -alias <signing alias> -rfc -file SigningCert.pem After constructing a chain from AppleIncRootCertificate.pem, AppleWWDRCA.pem andSigningCert.pem, it can be imported back into the keystore with: keytool -importcert -noprompt -keystore <ipack keystore> -storepass <keystore password> -alias <signing alias> -keypass <key password> -file SigningCertChain.pem To summarize, the following example shows the full certificate chain replacement process: keytool -importcert -noprompt -keystore temp.ks -storepass temppwd -alias tempcert1 -file AppleIncRootCertificate.cer keytool -exportcert -keystore temp.ks -storepass temppwd -alias tempcert1 -rfc -file AppleIncRootCertificate.pem keytool -importcert -noprompt -keystore temp.ks -storepass temppwd -alias tempcert2 -file AppleWWDRCA.cer keytool -exportcert -keystore temp.ks -storepass temppwd -alias tempcert2 -rfc -file AppleWWDRCA.pem keytool -exportcert -keystore ipack.ks -storepass keystorepwd -alias mycert -rfc -file SigningCert.pem cat SigningCert.pem AppleWWDRCA.pem AppleIncRootCertificate.pem >SigningCertChain.pem keytool -importcert -noprompt -keystore ipack.ks -storepass keystorepwd -alias mycert -keypass keypwd -file SigningCertChain.pem keytool -list -v -keystore ipack.ks -storepass keystorepwd Usage When the ipack tool is started with no arguments it prints the following usage information: -appname MyApplication -appid com.myorg.MyApplication     Usage: ipack <archive> <signing opts> <application opts> [ <application opts> ... ] Signing options: -keystore <keystore> keystore to use for signing -storepass <password> keystore password -alias <alias> alias for the signing certificate chain and the associated private key -keypass <password> password for the private key Application options: -basedir <directory> base directory from which to derive relative paths -appdir <directory> directory with the application executable and resources -appname <file> name of the application executable -appid <id> application identifier Example: ipack MyApplication.ipa -keystore ipack.ks -storepass keystorepwd -alias mycert -keypass keypwd -basedir mysources/MyApplication/dist -appdir Payload/MyApplication.app -appname MyApplication -appid com.myorg.MyApplication    

    Read the article

  • Enable SSL with Jetty 8

    - by Jerec TheSith
    I received certificates from GoDaddy an I'm trying to enable SSL with Jetty but receive an error 107 SSL protocol error when connecting to https://server.com:8443 I generated the keystore using these commands : keytool -keystore keystore -import -alias gd_bundle -trustcacerts -file gd_bundle.crt keytool -keystore keystore -import -alias server.com -trustcacerts -file server.com.crt and placed it in /opt/jetty/etc/ And used the following configuration in jetty.xml : <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <Arg> <New class="org.eclipse.jetty.http.ssl.SslContextFactory"> <Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set> <Set name="keyStorePassword">**password1**</Set> <Set name="keyManagerPassword">**password1**</Set> <Set name="trustStore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set> <Set name="trustStorePassword">**password1**</Set> </New> </Arg> <Set name="port">8443</Set> <Set name="maxIdleTime">30000</Set> <Set name="Acceptors">2</Set> <Set name="statsOn">false</Set> <Set name="lowResourcesConnections">20000</Set> <Set name="lowResourcesMaxIdleTime">5000</Set> </New> </Arg> </Call> Am I missing something in jetty's configuration ?

    Read the article

  • SSL Certificate without host name in it

    - by Sinuhe
    I have implemented a web service with server and client authentication using keytool. The problem is that this authentication doesn't work if I don't include the name of the host in it. For example: keytool -genkey -alias myAlias -keyalg RSA -keypass myPassword -storepass myPassword -keystore my.keystore -dname "CN=myhost" But I don't need and I don't like validation by host or by IP. Is there any way of avoiding it? Thanks.

    Read the article

  • New Key for expired certificate?

    - by aglassman
    I need to create a new certificate for an internal server. It is self signed. Is there an easy way to just extend the expiration date of the current certificate? If not, can I reuse the current key, or do I need to generate a new one? I'll be using Java keytool. All info I can find online it looks like I need to create a new keystore, but I'd rather skip that step if possible just to keep things simple.

    Read the article

  • Error adding certificate to cacerts. Unknown key spec

    - by Alvaro Villanueva
    I am using jdk 1.6 in Windows. I have a .der file (DER Encoded X509 Certificate) that will like to add to my cacerts file... so I tried the following: keytool -import -keystore "C:\Program Files\Java\jdk1.6.0_27\jre\lib\security\cacerts" -trustcacerts -alias openldap -file "C:\cacert.der" I got the following error: java.security.cert.CertificateParsingException: java.io.IOException: subject key, java.security.spec.InvalidKeySpecException: Unknown key spec At first, I thoght it was a problemen with the der certificate, but then doing the following I got exactly the same error: keytool -list -keystore "C:\Program Files\Java\jdk1.6.0_27\jre\lib\security\cacerts" Any ideas why is this problem appearing? I have not found anything in the Web. Thanks in advance.

    Read the article

  • telling java to accept self-signed ssl certificate

    - by Nikita Rybak
    It looks like a standard question, but I couldn't find clear directions anywhere. I have java code trying to connect server with probably self-signed (or expired) certificate. It gives something like this [HttpMethodDirector] I/O exception (javax.net.ssl.SSLHandshakeException) caught when processing request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target As I understand, I have to play around with keytool and tell java that it's ok to allow this connection. But all comments I've found assume I'm fully proficient with keytool, like "generate private key for server and import it into keystore". And I'm not. Is there anybody who could post detailed instructions? I'm running unix, so bash script would be best. Not sure if it's important, but code executed in jboss. Thanks a lot!

    Read the article

  • Published Android apk gives error "Package file was not signed correctly"

    - by David Read
    I recently uploaded my application to the android market however it's refusing to run when downloaded due to the error Package file was not signed correctly I first published the packet using eclipse, right click export, creating a keystore then publishing, however it refuses to work. I then downloaded the keytool and jarsigner and used them to sign an upgrade which I posted instead. However this gives the same error. I have no idea what I've done wrong, and since I cannot delete the application I cannot try and start again can anyone help me? Thanks

    Read the article

  • How to export ECC key and Cert from NSS DB and import into JKS keystore and Oracle Wallet

    - by mv
    How to export ECC key and Cert from NSS DB and import into JKS keystore and Oracle Wallet In this blog I will write about how to extract a cert and key from NSS Db and import it to a JKS Keystore and then import that JKS Keystore into Oracle Wallet. 1. Set Java Home I pointed it to JRE 1.6.0_22 $ export JAVA_HOME=/usr/java/jre1.6.0_22/ 2. Create a self signed ECC cert in NSS DB I created NSS DB with self signed ECC certificate. If you already have NSS Db with ECC cert (and key) skip this step. $export NSS_DIR=/export/home/nss/ $$NSS_DIR/certutil -N -d . $$NSS_DIR/certutil -S -x -s "CN=test,C=US" -t "C,C,C" -n ecc-cert -k ec -q nistp192 -d . 3. Export ECC cert and key using pk12util Use NSS tool pk12util to export this cert and key into a p12 file      $$NSS_DIR/pk12util -o ecc-cert.p12 -n ecc-cert -d . -W password 4. Use keytool to create JKS keystore and import this p12 file 4.1 Import p12 file created above into a JKS keystore $JAVA_HOME/bin/keytool -importkeystore -srckeystore ecc-cert.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ecc.jks -srcstorepass password -deststorepass password -srcalias ecc-cert -destalias ecc-cert -srckeypass password -destkeypass password -v But if an error as shown is encountered, keytool error: java.security.UnrecoverableKeyException: Get Key failed: EC KeyFactory not available java.security.UnrecoverableKeyException: Get Key failed: EC KeyFactory not available        at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source)         at java.security.KeyStoreSpi.engineGetEntry(Unknown Source)         at java.security.KeyStore.getEntry(Unknown Source)         at sun.security.tools.KeyTool.recoverEntry(Unknown Source)         at sun.security.tools.KeyTool.doImportKeyStoreSingle(Unknown Source)         at sun.security.tools.KeyTool.doImportKeyStore(Unknown Source)         at sun.security.tools.KeyTool.doCommands(Unknown Source)         at sun.security.tools.KeyTool.run(Unknown Source)         at sun.security.tools.KeyTool.main(Unknown Source) Caused by: java.security.NoSuchAlgorithmException: EC KeyFactory not available         at java.security.KeyFactory.<init>(Unknown Source)         at java.security.KeyFactory.getInstance(Unknown Source)         ... 9 more 4.2 Create a new PKCS11 provider If you didn't get an error as shown above skip this step. Since we already have NSS libraries built with ECC, we can create a new PKCS11 provider Create ${java.home}/jre/lib/security/nss.cfg as follows: name = NSS     nssLibraryDirectory = ${nsslibdir}    nssDbMode = noDb    attributes = compatibility where nsslibdir should contain NSS libs with ECC support. Add the following line to ${java.home}/jre/lib/security/java.security :      security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg Note that those who are using Oracle iPlanet Web Server or Oracle Traffic Director, NSS libs built with ECC are in <ws_install_dir>/lib or <otd_install_dir>/lib. 4.3. Now keytool should work Now you can try the same keytool command and see that it succeeds : $JAVA_HOME/bin/keytool -importkeystore -srckeystore ecc-cert.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ecc.jks -srcstorepass password -deststorepass password -srcalias ecc-cert -destalias ecc-cert -srckeypass password -destkeypass password -v [Storing ecc.jks] 5. Convert JKS keystore into an Oracle Wallet You can export this cert and key from JKS keystore and import it into an Oracle Wallet if you need using orapki tool as shown below. Make sure that orapki you use supports ECC. Also for ECC you MUST use "-jsafe" option. $ orapki wallet create -pwd password  -wallet .  -jsafe $ orapki wallet jks_to_pkcs12 -wallet . -pwd password -keystore ecc.jks -jkspwd password -jsafe AS $orapki wallet display -wallet . -pwd welcome1  -jsafeOracle PKI Tool : Version 11.1.2.0.0Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.Requested Certificates:User Certificates:Subject:        CN=test,C=USTrusted Certificates:Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=USSubject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        CN=test,C=US As you can see our ECC cert in the wallet. You can follow the same steps for RSA certs as well. 6. References http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356 http://old.nabble.com/-PATCH-FOR-REVIEW-%3A-Support-PKCS11-cryptography-via-NSS-p25282932.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html

    Read the article

  • How to create X509 self signed certificate for use in Apache Tomcat

    - by DaveJohnston
    I have a Java application that runs on Windows Mobile devices using a 3rd Party JVM. The application communicates with an Apache Tomcat server over HTTP. We have also used HTTPS for some connections and the certificates were created using the Sun keytool utility. First a keystore was created using genkey, then the certificate exported using export and finally that was imported into another keystore using import. The file created by genkey was loaded into the Apache server and the keystore created using import was loaded into the JVM on the PDA. Everything works as expected. I am now working with a new JVM on the PDA and (for whatever reason) I have established that this JVM requires the keystore to be in X509 (DER) format. I started working on this about a month ago and had it working, but stupidly never wrote down the steps I took, and now I can't for the life of me remember what I did. I seem to remember using openssl but other than that I am totally lost. Anything I create now using openssl and try to load into Apache causes an error at startup (Invalid Keystore Format) so I am probably missing something out entirely. Does anyone have any ideas how I should be going about creating this self-signed X509 certificate that can be loaded into Apache server and JVM running on a PDA?

    Read the article

  • Using an empty keystore password used to be possible?

    - by TomTasche
    When signing an apk after a long break from Android development I was surprised that I'm no longer able to enter an empty keystore password to unlock it. Is it just me or has this been possible before? If so, when did that change and how can I manage to unlock the keystore anyway? Some background: maybe I'm just crazy and didn't use an empty password for the keystore before, but the one and only possible password that I could have been using instead doesn't work either (I swear, there's no chance I'd have used another password!).

    Read the article

  • Sign application with several certificates

    - by tschiggerl
    Hi, From the signing documentation at http://developer.android.com/intl/zh-TW/guide/publishing/app-signing.html: When the system is installing an update to an application, if any of the certificates in the new version match any of the certificates in the old version, then the system allows the update. This indicates that an application can be signed with multiple certificates. This is an interesting option to allow multiple entities to sign an application. e.g: A system application which was initially signed by the device's manufacturer. Further updates could be signed by the developer. Am I misreading the documentation or is this really possible? If so, how? Is there any other way for an application to support different certificates and with that, having two or more entities sign it? Thanks, Rúben

    Read the article

  • tomcat5 HTTP 400 BAd Request

    - by Oneiroi
    OS is centOS 5.5 x64, rpm's are as follows: tomcat5-jsp-2.0-api-5.5.23-0jpp.9.el5_5 tomcat5-common-lib-5.5.23-0jpp.9.el5_5 tomcat5-servlet-2.4-api-5.5.23-0jpp.9.el5_5 tomcat5-server-lib-5.5.23-0jpp.9.el5_5 tomcat5-5.5.23-0jpp.9.el5_5 tomcat5-jasper-5.5.23-0jpp.9.el5_5 telnet localhost 8080 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. GET / HTTP/1.0 Host: localhost HTTP/1.1 400 Bad Request Server: Apache-Coyote/1.1 Date: Thu, 16 Sep 2010 15:06:21 GMT Connection: close alternatives --display java output: alternatives --display java java - status is manual. link currently points to /usr/lib/jvm/jre1.6.0_21/bin/java /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java - priority 16000 slave keytool: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/keytool slave orbd: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/orbd slave pack200: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/pack200 slave rmid: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/rmid slave rmiregistry: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/rmiregistry slave servertool: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/servertool slave tnameserv: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/tnameserv slave unpack200: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/unpack200 slave jre_exports: /usr/lib/jvm-exports/jre-1.6.0-openjdk.x86_64 slave jre: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64 slave java.1.gz: /usr/share/man/man1/java-java-1.6.0-openjdk.1.gz slave keytool.1.gz: /usr/share/man/man1/keytool-java-1.6.0-openjdk.1.gz slave orbd.1.gz: /usr/share/man/man1/orbd-java-1.6.0-openjdk.1.gz slave pack200.1.gz: /usr/share/man/man1/pack200-java-1.6.0-openjdk.1.gz slave rmid.1.gz: /usr/share/man/man1/rmid-java-1.6.0-openjdk.1.gz slave rmiregistry.1.gz: /usr/share/man/man1/rmiregistry-java-1.6.0-openjdk.1.gz slave servertool.1.gz: /usr/share/man/man1/servertool-java-1.6.0-openjdk.1.gz slave tnameserv.1.gz: /usr/share/man/man1/tnameserv-java-1.6.0-openjdk.1.gz slave unpack200.1.gz: /usr/share/man/man1/unpack200-java-1.6.0-openjdk.1.gz /usr/lib/jvm/jre-1.4.2-gcj/bin/java - priority 1420 slave keytool: /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool slave orbd: (null) slave pack200: (null) slave rmid: (null) slave rmiregistry: /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry slave servertool: (null) slave tnameserv: (null) slave unpack200: (null) slave jre_exports: /usr/lib/jvm-exports/jre-1.4.2-gcj slave jre: /usr/lib/jvm/jre-1.4.2-gcj slave java.1.gz: (null) slave keytool.1.gz: (null) slave orbd.1.gz: (null) slave pack200.1.gz: (null) slave rmid.1.gz: (null) slave rmiregistry.1.gz: (null) slave servertool.1.gz: (null) slave tnameserv.1.gz: (null) slave unpack200.1.gz: (null) /usr/lib/jvm/jre1.6.0_21/bin/java - priority 2 slave keytool: (null) slave orbd: (null) slave pack200: (null) slave rmid: (null) slave rmiregistry: (null) slave servertool: (null) slave tnameserv: (null) slave unpack200: (null) slave jre_exports: (null) slave jre: (null) slave java.1.gz: (null) slave keytool.1.gz: (null) slave orbd.1.gz: (null) slave pack200.1.gz: (null) slave rmid.1.gz: (null) slave rmiregistry.1.gz: (null) slave servertool.1.gz: (null) slave tnameserv.1.gz: (null) slave unpack200.1.gz: (null) Current `best' version is /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java. Same occurs trying HTTP/1.1, and I am at a complete loss as to why.

    Read the article

1 2 3 4  | Next Page >