Who knows about SSL and self-signed certificates??

[marzman]

Hey,

 

Sorry - a work related question but im going mad here!

 

i need to communicate via SSL for a new piece of development, and have got the necessary java methods to handle a socket connection with SSL. I simply need to pass in the name of a keystore and its password.

 

To create the keystore im using a java tool called Keytool - but i cant figure out how to generate the appropriate certificates - which i want to be 'self-signed' (this is the important bit).

 

I need a Root Certificate, Personal Certificate, and Private Key... using Keytool i've got the Root Cert and the Private Key, but i cant generate the Personal Certificate, as this is usually issued by a CA such as verisign...!!

 

Nobody in my office has had to do this before so im on my own, and very stuck!!

 

Any suggestions anyone?

 

[BRO-T]

you need to contact a company like verisign who will sell you one and have it verified.

 

I work for the NHS and have found Verisign to be expensive.

 

Try instantssl.com and digicert.com

[marzman]

you need to contact a company like verisign who will sell you one and have it verified.

 

I work for the NHS and have found Verisign to be expensive.

 

Try instantssl.com and digicert.com

 

 

Cheers mate,

 

I need to make a self-signed certificate - i.e. not use a CA such as verisign. My SSL communications are going to be on a private network and therefore can be self signed - saving us mucho $$

[MrLizard]

have you actually installed the root cert?

 

im having cert issues of another kind today with server2008 and MS unwillingness to support self signed certs!

[marzman]

have you actually installed the root cert?

 

im having cert issues of another kind today with server2008 and MS unwillingness to support self signed certs!

 

I dont have a root certificate to install - i believe i have to generate my own...?

 

Im now officially bald as i've been tearing my hair out since 11am!

[rich5259]

I read the titile and thought you'd been off sick for 3 days,

[Gaz Walker]

I know about SSL, but not self-sign, sorry

 

I read the titile and thought you'd been off sick for 3 days,

 

very good.

[SunGodRA]

found this....

 

e223. Creating a New Key Pair and Self-Signed Certificate Using keytool

This example uses the keytool program to create a new key pair and self-signed certificate for the principal Duke. The example generates a 1024-bit Digital Signature Algorithm (DSA) key pair.

 

> keytool -genkey -alias alias -keystore .keystore

Enter keystore password: password

What is your first and last name?

[unknown]: Duke

What is the name of your organizational unit?

[unknown]: JavaSoft

What is the name of your organization?

[unknown]: Sun

What is the name of your City or Locality?

[unknown]: Cupertino

What is the name of your State or Province?

[unknown]: CA

What is the two-letter country code for this unit?

[unknown]: US

Is correct?

[no]: yes

 

To create a 1024-bit RSA key:

 

> keytool -genkey -keyalg RSA -keysize 1024 -alias alias -keystore .keystore

[andlid]

not sure re keytool, used openssl and other products to create a cert.

 

filezilla has a cert tool built in (FTP server software), maybe you could use that? I've used that and then XCA to convert the server cert for a client side cert and imported it and using FTPS successfully with certs now is this development using 'windows' certs in the certificate store?