RMI - SSL - VeriSign Certificates

Michael Conley

Joined: Oct 14, 2003
Posts: 3
I have implemented the RMI over SSL. I have been using these lines to generate the keystores and keys necessary for the application to run:
keytool -genkey -v -keyalg RSA -keystore server.keystore -dname "CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN"
keytool -genkey -v -keyalg RSA -keystore client.keystore -dname "CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN"
keytool -export -rfc -keystore server.keystore -alias mykey -file server.public-key
keytool -export -rfc -keystore client.keystore -alias mykey -file client.public-key
keytool -import -alias client -keystore server.keystore -file client.public-key
keytool -import -alias server -keystore client.keystore -file server.public-key
Instead of generating these from a sample certificate, I would like to use the VeriSign certificates that come with the respective servers. Does anyone know how I might retrieve the public keys from these certificates?
Pankaj Kr
Ranch Hand

Joined: Sep 09, 2003
Posts: 80
Hi Mike,
You have essentially created self-signed certificates for the client and server in their respective keystores. You have also exported the server's certificate and imported that into the client's keystore and vice-versa. The public keys are part of the certificate but what you export and import are certificates and not public keys.
If you want to use well-known CA-issued certificates then you will simply have to get certificates signed by them. Keep in mind that this process requires access to the private key of the CA and you will not get that. Retrieving the public key from VeriSign's CA certificate will solve no problem.

Pankaj Kumar
Home - WebLog - J2EE Security
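
The CA-signed route described in the reply above, as an added example that is not part of the original thread: the server keeps its own key pair, sends a certificate request, and installs the CA's reply over the self-signed certificate. A locally generated "Test CA" stands in for the commercial CA (its signing step, keytool -gencert, is what the CA would do with its own private key); the password, aliases and file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. "Test CA" is a constructed local stand-in
# for a commercial CA; the password, aliases and file names are assumptions.
PASS=changeit
kt() { keytool -J-Duser.language=en "$@"; }  # English output, so it can be parsed

# Print "<chain length> Issuer: <issuer of the entry's own certificate>" for mykey.
describe_mykey() {  # $1 = keystore
  kt -list -v -alias mykey -keystore "$1" -storepass "$PASS" |
    awk '/^Certificate chain length:/ {n=$NF} /^Issuer:/ && !i {i=$0} END {print n, i}'
}

# Run the whole flow in an empty work directory ($1).
issue_signed_cert() {
  d=$1
  kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 -ext bc:c \
     -dname "CN=Test CA, O=Foo, C=UN" \
     -keystore "$d/ca.keystore" -storepass "$PASS" -keypass "$PASS"
  kt -genkeypair -alias mykey -keyalg RSA -keysize 2048 -validity 30 \
     -dname "CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN" \
     -keystore "$d/server.keystore" -storepass "$PASS" -keypass "$PASS"
  describe_mykey "$d/server.keystore" > "$d/before.txt"  # self-signed at this point
  # The request carries the server's public key; the private key never leaves.
  kt -certreq -alias mykey -file "$d/server.csr" \
     -keystore "$d/server.keystore" -storepass "$PASS" -keypass "$PASS"
  # CA side: sign the request with the CA's private key.
  kt -gencert -alias ca -rfc -validity 30 -infile "$d/server.csr" \
     -outfile "$d/server.crt" -keystore "$d/ca.keystore" -storepass "$PASS" -keypass "$PASS"
  kt -exportcert -rfc -alias ca -file "$d/ca.crt" \
     -keystore "$d/ca.keystore" -storepass "$PASS"
  # Server side: trust the CA, then install the reply under the same alias.
  kt -importcert -noprompt -alias ca -file "$d/ca.crt" \
     -keystore "$d/server.keystore" -storepass "$PASS"
  kt -importcert -noprompt -alias mykey -file "$d/server.crt" \
     -keystore "$d/server.keystore" -storepass "$PASS" -keypass "$PASS"
  # Client side: only the CA certificate is imported, not the server's own.
  kt -importcert -noprompt -alias ca -file "$d/ca.crt" \
     -keystore "$d/client.truststore" -storepass "$PASS"
  describe_mykey "$d/server.keystore" > "$d/after.txt"
}

# Stand-alone run: sh this-file.sh demo
if [ "${1:-}" = demo ]; then
  w=$(mktemp -d) && issue_signed_cert "$w" && cat "$w/before.txt" "$w/after.txt"
fi
```

With a real CA the -gencert step happens on the CA's side, and the client usually needs no import at all because the CA's root is already in the JRE's default cacerts file.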