This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes What is Certificate and how to configure it in cacerts file... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "What is Certificate and how to configure it in cacerts file..." Watch "What is Certificate and how to configure it in cacerts file..." New topic
Author

What is Certificate and how to configure it in cacerts file...

Simpson Kumar
Ranch Hand

Joined: Mar 19, 2008
Posts: 261
Hi,
I got an error wile authenticating LDAP server, saying"unable to find valid certification path to requested target", I came to know that I need to configure LDAP server's certificates in jre/lib/security/cacerts file. but I don't know how to do it.

Could someone explain what is that certificate? how do I get that information from LDAP admins? how to configure certification in my machine and how to use in our logic?


Thanks,
Sumant K


Thanks,
Kumar
Simpson Kumar
Ranch Hand

Joined: Mar 19, 2008
Posts: 261
I got the certificate and now I want to add it in my cacerts file .. how do I do that? please give me reply
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
keytool


Nice to meet you.
Simpson Kumar
Ranch Hand

Joined: Mar 19, 2008
Posts: 261
hi greg.. thanks for replying..

I know with keytool we can, but I don't know the process to follow... culd you please explain me.
Simpson Kumar
Ranch Hand

Joined: Mar 19, 2008
Posts: 261
I got the certificate from the server admin through email like the following

-----BEGIN CERTIFICATE-----
MIIC6TCCAqcCBDxgu/IwCwYHKoZIzjgEAwUAMFoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTES
MBAGA1UEBxMJUGFsbyBBbHRvMQowCAYDVQQKEwFJMQswCQYDVQQLEwJNZTERMA8GA1UEAxMIUGF0
IENoYW4wHhcNMDIwMjA2MDUxNTMwWhcNMDIwNTA3MDUxNTMwWjBaMQswCQYDVQQGEwJVUzELMAkG
A1UECBMCQ0ExEjAQBgNVBAcTCVBhbG8gQWx0bzEKMAgGA1UEChMBSTELMAkGA1UECxMCTWUxETAP
BgNVBAMTCFBhdCBDaGFuMIIBuDCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2
EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7
ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUA
l2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdR
WVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx
+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYUAAoGBAPyx9uQ1PKBYO/2G
RPzbW4y6pphNRmObJQWbjY/ERuCQwLRrpREh9sgMnptZjRzLVpWdzxNa9bFMFXAYMgoTUIgAZ9yN
WPjp/JiFfzdIq3CY0CEey42M3mbD3pWsF9x4SSsJTpDobX/pm5XgtkhZXBZYtBk813Xv2LxyZ3OI
W1JnMAsGByqGSM44BAMFAAMvADAsAhQ5wayd5cpEo/vHmF7G5gVQ9cMKKAIUMfk2ZYxNdhe6oNmH
nR0AhnEHILE=
-----END CERTIFICATE-----

so what I have to do to set the key? what process?
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
keytool -importcert -keystore <path_to_cacerts> -storepass changeme -file path_to_certificate_file
Simpson Kumar
Ranch Hand

Joined: Mar 19, 2008
Posts: 261
greg stark wrote:keytool -importcert -keystore &amp;lt;path_to_cacerts&amp;gt; -storepass changeme -file path_to_certificate_file


Hi greg,
thanks for giving but I tried with that by following command, I failed to get that



Actually I put my certificate in the LDAPcer.cer file and located in C drive. And I trying to make a new cecerts file with the above command

I tried with removing lt'&lt;' and gt'&gt;' also and different paths, but everytime I failed.
Could you please correct me to get it done with my above information?
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
sorry, the default password on the cacerts file is changeit, not changeme.

don't include the< or> characters for the keystore path. Here is an actual keytool command on my computer that works. Your path will be different on your computer.



and goes on and on. This is for the -list command. Next, I made a copy of the cacerts file and called it mycacerts.


and then I imported a my own trusted certificate into this keystore.
 
Don't get me started about those stupid light bulbs.
 
subject: What is Certificate and how to configure it in cacerts file...
 
Similar Threads
Weblogic SSL certificate
Applet reading/writing to text files
Creating security certificates for ssl onfiguration
Creating and modifying keystore file
Configuring SSL on JBoss