• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

What is Certificate and how to configure it in cacerts file...

 
Ranch Hand
Posts: 261
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I got an error wile authenticating LDAP server, saying"unable to find valid certification path to requested target", I came to know that I need to configure LDAP server's certificates in jre/lib/security/cacerts file. but I don't know how to do it.

Could someone explain what is that certificate? how do I get that information from LDAP admins? how to configure certification in my machine and how to use in our logic?


Thanks,
Sumant K
 
Simpson Kumar
Ranch Hand
Posts: 261
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I got the certificate and now I want to add it in my cacerts file .. how do I do that? please give me reply
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
keytool
 
Simpson Kumar
Ranch Hand
Posts: 261
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi greg.. thanks for replying..

I know with keytool we can, but I don't know the process to follow... culd you please explain me.
 
Simpson Kumar
Ranch Hand
Posts: 261
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I got the certificate from the server admin through email like the following

-----BEGIN CERTIFICATE-----
MIIC6TCCAqcCBDxgu/IwCwYHKoZIzjgEAwUAMFoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES
MBAGA1UEBxMJUGFsbyBBbHRvMQowCAYDVQQKEwFJMQswCQYDVQQLEwJNZTERMA8GA1UEAxMIUGF0
IENoYW4wHhcNMDIwMjA2MDUxNTMwWhcNMDIwNTA3MDUxNTMwWjBaMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEKMAgGA1UEChMBSTELMAkGA1UECxMCTWUxETAP
BgNVBAMTCFBhdCBDaGFuMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2
EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7
ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUA
l2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdR
WVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx
+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAPyx9uQ1PKBYO/2G
RPzbW4y6pphNRmObJQWbjY/ERuCQwLRrpREh9sgMnptZjRzLVpWdzxNa9bFMFXAYMgoTUIgAZ9yN
WPjp/JiFfzdIq3CY0CEey42M3mbD3pWsF9x4SSsJTpDobX/pm5XgtkhZXBZYtBk813Xv2LxyZ3OI
W1JnMAsGByqGSM44BAMFAAMvADAsAhQ5wayd5cpEo/vHmF7G5gVQ9cMKKAIUMfk2ZYxNdhe6oNmH
nR0AhnEHILE=
-----END CERTIFICATE-----

so what I have to do to set the key? what process?
 
greg stark
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
keytool -importcert -keystore <path_to_cacerts> -storepass changeme -file path_to_certificate_file
 
Simpson Kumar
Ranch Hand
Posts: 261
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

greg stark wrote:keytool -importcert -keystore &amp;lt;path_to_cacerts&amp;gt; -storepass changeme -file path_to_certificate_file



Hi greg,
thanks for giving but I tried with that by following command, I failed to get that



Actually I put my certificate in the LDAPcer.cer file and located in C drive. And I trying to make a new cecerts file with the above command

I tried with removing lt'&lt;' and gt'&gt;' also and different paths, but everytime I failed.
Could you please correct me to get it done with my above information?
 
greg stark
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
sorry, the default password on the cacerts file is changeit, not changeme.

don't include the< or> characters for the keystore path. Here is an actual keytool command on my computer that works. Your path will be different on your computer.



and goes on and on. This is for the -list command. Next, I made a copy of the cacerts file and called it mycacerts.


and then I imported a my own trusted certificate into this keystore.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic