
Who knows about SSL and self-signed certificates??


marzman


Hey,

Sorry - a work-related question but I'm going mad here!

I need to communicate via SSL for a new piece of development, and have got the necessary Java methods to handle a socket connection with SSL. I simply need to pass in the name of a keystore and its password.

To create the keystore I'm using a Java tool called Keytool - but I can't figure out how to generate the appropriate certificates - which I want to be 'self-signed' (this is the important bit).

I need a Root Certificate, Personal Certificate, and Private Key... using Keytool I've got the Root Cert and the Private Key, but I can't generate the Personal Certificate, as this is usually issued by a CA such as Verisign...!!

Nobody in my office has had to do this before so I'm on my own, and very stuck!!

Any suggestions anyone?

:bang::bang:


You need to contact a company like Verisign who will sell you one and have it verified.

I work for the NHS and have found Verisign to be expensive.

Try instantssl.com and digicert.com.

Cheers mate,

I need to make a self-signed certificate - i.e. not use a CA such as Verisign. My SSL communications are going to be on a private network and therefore can be self-signed - saving us mucho $$ :lol:


Have you actually installed the root cert?

I'm having cert issues of another kind today with Server 2008 and MS's unwillingness to support self-signed certs! :rant:

I don't have a root certificate to install - I believe I have to generate my own...?

I'm now officially bald as I've been tearing my hair out since 11am!


found this....

e223. Creating a New Key Pair and Self-Signed Certificate Using keytool

This example uses the keytool program to create a new key pair and self-signed certificate for the principal Duke. The example generates a 1024-bit Digital Signature Algorithm (DSA) key pair.

> keytool -genkey -alias alias -keystore .keystore
Enter keystore password: password
What is your first and last name?
[unknown]: Duke
What is the name of your organizational unit?
[unknown]: JavaSoft
What is the name of your organization?
[unknown]: Sun
What is the name of your City or Locality?
[unknown]: Cupertino
What is the name of your State or Province?
[unknown]: CA
What is the two-letter country code for this unit?
[unknown]: US
Is correct?
[no]: yes

To create a 1024-bit RSA key:

> keytool -genkey -keyalg RSA -keysize 1024 -alias alias -keystore .keystore
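
As an added example (not part of the thread or of the quoted keytool page): a non-interactive version of the keytool steps for a private network, where the one self-signed certificate is both the server's own certificate and the certificate the peer imports as trusted. The alias, file names, host name and the KS_PASS environment variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Alias, file names and host name are constructed.
# The password is read from the KS_PASS environment variable so that it
# does not appear on the command line or in the process list.

# make_selfsigned DIR HOSTNAME
make_selfsigned() {
    dir=$1 host=$2
    export KS_PASS
    # 1. Private key plus self-signed certificate, stored under one alias.
    #    2048-bit RSA is used here; 1024-bit RSA is too weak today.
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=$host, O=Example" -ext "SAN=dns:$host" \
        -keystore "$dir/server.keystore" \
        -storepass:env KS_PASS -keypass:env KS_PASS || return 1
    # 2. Export only the certificate (never the private key) as PEM.
    keytool -exportcert -rfc -alias server -file "$dir/server.pem" \
        -keystore "$dir/server.keystore" -storepass:env KS_PASS || return 1
    # 3. The peer trusts that certificate directly by importing it as a
    #    trusted entry; it plays the part of the "root" certificate.
    keytool -importcert -noprompt -alias server -file "$dir/server.pem" \
        -keystore "$dir/client.truststore" -storepass:env KS_PASS || return 1
}

# fingerprint KEYSTORE ALIAS: prints the certificate fingerprint
fingerprint() {
    keytool -list -alias "$2" -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
        grep -Eo '([0-9A-F]{2}:){15,}[0-9A-F]{2}' | head -n 1
}

# entry_type KEYSTORE ALIAS: prints PrivateKeyEntry or trustedCertEntry
entry_type() {
    keytool -list -alias "$2" -keystore "$1" -storepass:env KS_PASS 2>/dev/null |
        grep -Eo 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}
```

The side that owns the private key loads server.keystore; the peer loads client.truststore, and the same fingerprint should be reported for both before the stores are deployed.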


Not sure re keytool, used OpenSSL and other products to create a cert.

FileZilla has a cert tool built in (FTP server software), maybe you could use that? I've used that and then XCA to convert the server cert for a client-side cert, imported it, and am using FTPS successfully with certs now :) Is this development using 'Windows' certs in the certificate store?
