marzman Posted July 13, 2009

Hey,

Sorry - a work related question but I'm going mad here!

I need to communicate via SSL for a new piece of development, and have got the necessary Java methods to handle a socket connection with SSL. I simply need to pass in the name of a keystore and its password.

To create the keystore I'm using a Java tool called Keytool - but I can't figure out how to generate the appropriate certificates - which I want to be 'self-signed' (this is the important bit).

I need a Root Certificate, Personal Certificate, and Private Key... using Keytool I've got the Root Cert and the Private Key, but I can't generate the Personal Certificate, as this is usually issued by a CA such as Verisign...!!

Nobody in my office has had to do this before so I'm on my own, and very stuck!!

Any suggestions anyone?

BRO-T Posted July 13, 2009

You need to contact a company like Verisign who will sell you one and have it verified. I work for the NHS and have found Verisign to be expensive. Try instantssl.com and digicert.com

marzman (Author) Posted July 13, 2009

> You need to contact a company like Verisign who will sell you one and have it verified. I work for the NHS and have found Verisign to be expensive. Try instantssl.com and digicert.com

Cheers mate,

I need to make a self-signed certificate - i.e. not use a CA such as Verisign. My SSL communications are going to be on a private network and therefore can be self-signed - saving us mucho $$

MrLizard Posted July 13, 2009

Have you actually installed the root cert? I'm having cert issues of another kind today with Server 2008 and MS unwillingness to support self-signed certs!

marzman (Author) Posted July 13, 2009

> Have you actually installed the root cert? I'm having cert issues of another kind today with Server 2008 and MS unwillingness to support self-signed certs!

I don't have a root certificate to install - I believe I have to generate my own...?

I'm now officially bald as I've been tearing my hair out since 11am!

rich5259 Posted July 14, 2009

I read the title and thought you'd been off sick for 3 days.

Gaz Walker Posted July 14, 2009

I know about SSL, but not self-sign, sorry.

> I read the title and thought you'd been off sick for 3 days.

Very good.

SunGodRA Posted July 14, 2009

Found this....

e223. Creating a New Key Pair and Self-Signed Certificate Using keytool

This example uses the keytool program to create a new key pair and self-signed certificate for the principal Duke. The example generates a 1024-bit Digital Signature Algorithm (DSA) key pair.

    > keytool -genkey -alias alias -keystore .keystore
    Enter keystore password: password
    What is your first and last name?
      [unknown]: Duke
    What is the name of your organizational unit?
      [unknown]: JavaSoft
    What is the name of your organization?
      [unknown]: Sun
    What is the name of your City or Locality?
      [unknown]: Cupertino
    What is the name of your State or Province?
      [unknown]: CA
    What is the two-letter country code for this unit?
      [unknown]: US
    Is correct?
      [no]: yes

To create a 1024-bit RSA key:

    > keytool -genkey -keyalg RSA -keysize 1024 -alias alias -keystore .keystore

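Added example, not part of any post in this thread: one way to produce all three pieces the original question asks for (a root certificate, a "personal" certificate signed by that root, and the private key) with keytool alone, by acting as your own CA on the private network. It assumes a Java 8 or later keytool; the aliases, distinguished names, file names and password argument are constructed placeholders.

```shell
#!/bin/sh
# Added example: private root CA plus a CA-signed "personal" certificate, keytool only.
# Aliases, DNs, file names and the password argument are constructed placeholders.
set -eu

# Wrapper: English output, PKCS12 stores, password taken from $pass (set by callers).
kt() { keytool -J-Duser.language=en "$@" -storetype PKCS12 -storepass "$pass"; }

make_private_pki() {   # usage: make_private_pki <output-dir> <password>
    dir=$1; pass=$2
    # 1. Root CA: key pair and self-signed certificate, flagged as a CA.
    kt -genkeypair -alias root -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "CN=Example Private Root CA, O=Example" -ext bc:c=ca:true \
        -keystore "$dir/ca.p12" -keypass "$pass"
    # 2. Server key pair; the private key never leaves server.p12.
    kt -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=server.example.internal, O=Example" \
        -keystore "$dir/server.p12" -keypass "$pass"
    # 3. Certificate request from the server key, signed with the root key.
    kt -certreq -alias server -file "$dir/server.csr" -keystore "$dir/server.p12"
    kt -gencert -alias root -rfc -validity 365 \
        -infile "$dir/server.csr" -outfile "$dir/server.crt" \
        -ext san=dns:server.example.internal -ext eku=serverAuth \
        -keystore "$dir/ca.p12"
    # 4. Export the root certificate, then install root and signed reply
    #    into the server keystore so it presents the chain server -> root.
    kt -exportcert -alias root -rfc -file "$dir/root.crt" -keystore "$dir/ca.p12"
    kt -importcert -noprompt -alias root -file "$dir/root.crt" \
        -keystore "$dir/server.p12"
    kt -importcert -noprompt -alias server -file "$dir/server.crt" \
        -keystore "$dir/server.p12"
    # 5. Client truststore: root certificate only, no private keys.
    kt -importcert -noprompt -alias root -file "$dir/root.crt" \
        -keystore "$dir/truststore.p12"
}

chain_length() {   # usage: chain_length <keystore> <alias> <password>
    pass=$3
    kt -list -v -alias "$2" -keystore "$1" \
        | sed -n 's/^Certificate chain length: //p'
}
```

The server side loads `server.p12` as its keystore and clients load `truststore.p12`; `ca.p12` holds the root private key and should be kept off both. For real use, avoid putting the password on the command line (keytool prompts for it when `-storepass` is omitted).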
andlid Posted July 14, 2009

Not sure re keytool, used openssl and other products to create a cert.

FileZilla has a cert tool built in (FTP server software), maybe you could use that? I've used that and then XCA to convert the server cert for a client side cert and imported it, and using FTPS successfully with certs now.

Is this development using 'Windows' certs in the certificate store?