Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

RMI - SSL - VeriSign Certificates

 
Michael Conley
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Greetings,
I have implemented the RMI over SSL. I have been using these lines to generate the keystores and keys necessary for the application to run:
keytool -genkey -v -keyalg RSA -keystore server.keystore -dname "CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN"
keytool -genkey -v -keyalg RSA -keystore client.keystore -dname "CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN"
keytool -export -rfc -keystore server.keystore -alias mykey -file server.public-key
keytool -export -rfc -keystore client.keystore -alias mykey -file client.public-key
keytool -import -alias client -keystore server.keystore -file client.public-key
keytool -import -alias server -keystore client.keystore -file server.public-key
Instead of generating these from a sample certificate, I would like to use the VeriSign certificates that come with the respective servers. Does anyone know how I might retrieve the public keys from these certificates?
Thanks,
-Mike
 
Pankaj Kr
Author
Ranch Hand
Posts: 80
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Mike,
You have essentailly created self-signed certificates for the client and server in their respective keystores. You have also exported the server's certificate and imported that into client's keystore and vice-versa. The public keys are part of the certificate but what you export and import are certificates and not public keys.
If you want to use a well-known CA issued certificates then you will simply have to get certificates signed by them. Keep in mind that this process requires access to the private key of the CA and you will not get that. Retrieving the public key from VeriSign's CA certificate will solve no problem.
/Pankaj.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic