Greetings, I have implemented the RMI over SSL. I have been using these lines to generate the keystores and keys necessary for the application to run: keytool -genkey -v -keyalg RSA -keystore server.keystore -dname "CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN" keytool -genkey -v -keyalg RSA -keystore client.keystore -dname "CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN" keytool -export -rfc -keystore server.keystore -alias mykey -file server.public-key keytool -export -rfc -keystore client.keystore -alias mykey -file client.public-key keytool -import -alias client -keystore server.keystore -file client.public-key keytool -import -alias server -keystore client.keystore -file server.public-key Instead of generating these from a sample certificate, I would like to use the VeriSign certificates that come with the respective servers. Does anyone know how I might retrieve the public keys from these certificates? Thanks, -Mike
Hi Mike, You have essentailly created self-signed certificates for the client and server in their respective keystores. You have also exported the server's certificate and imported that into client's keystore and vice-versa. The public keys are part of the certificate but what you export and import are certificates and not public keys. If you want to use a well-known CA issued certificates then you will simply have to get certificates signed by them. Keep in mind that this process requires access to the private key of the CA and you will not get that. Retrieving the public key from VeriSign's CA certificate will solve no problem. /Pankaj.