aspose file tools*
The moose likes Security and the fly likes IBM keytool not self-signing certificates Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "IBM keytool not self-signing certificates" Watch "IBM keytool not self-signing certificates" New topic
Author

IBM keytool not self-signing certificates

John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Hello:

I am trying to generate a self-signed certificate with the keytool in the jdk shipped with RAD 7. It will not self-sign my certificates. I've tried several variations of the genkey statement. Here is what I did . . . any help would be appreciated. Thanks, Eric.


C:\Program Files\IBM\SDP\jdk\bin>keytool -genkey -alias -WAS2 -keyalg RSA -store
pass simssims -keypass simssims -keystore sims.p12
What is your first and last name?
[Unknown]: sims.dpi.wi.gov
What is the name of your organizational unit?
[Unknown]: apps
What is the name of your organization?
[Unknown]: dpi
What is the name of your City or Locality?
[Unknown]: madison
What is the name of your State or Province?
[Unknown]: wi
What is the two-letter country code for this unit?
[Unknown]: us
Is CN=sims.dpi.wi.gov, OU=apps, O=dpi, L=madison, ST=wi, C=us correct? (type "ye
s" or "no")
[no]: yes


C:\Program Files\IBM\SDP\jdk\bin>keytool -list -rfc -keystore "C:\Program Files\
IBM\sdp\jdk\bin\sims.p12
Enter keystore password:

Keystore type: pkcs12
Keystore provider: IBMJCE

Your keystore contains 1 entry

Alias name: -was2
Creation date: May 23, 2011
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
MIICPTCCAaagAwIBAgIETdq/0zANBgkqhkiG9w0BAQQFADBjMQswCQYDVQQGEwJ1czELMAkGA1UE
CBMCd2kxEDAOBgNVBAcTB21hZGlzb24xDDAKBgNVBAoTA2RwaTENMAsGA1UECxMEYXBwczEYMBYG
A1UEAxMPc2ltcy5kcGkud2kuZ292MB4XDTExMDUyMzIwMTMwN1oXDTExMDgyMTIwMTMwN1owYzEL
MAkGA1UEBhMCdXMxCzAJBgNVBAgTAndpMRAwDgYDVQQHEwdtYWRpc29uMQwwCgYDVQQKEwNkcGkx
DTALBgNVBAsTBGFwcHMxGDAWBgNVBAMTD3NpbXMuZHBpLndpLmdvdjCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAnavTLDaoZV53QklmvFA7ytoDz9LEZurvndVv9XrUfRTr3wU2TNLm6XeXdLLe
l/blu4vUJ12fAtEQOBWAcp4YsUcNjtblqYZVpvKhHHKhS/3RSQe7ANKzBtRZo+lyZBQrsxqh9cq2
uKbb3TUk9gBrpp5UYKKo5NSqQ0vf9MMu7w8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQAAHNng1OBt
SG1F5EShkzq4ViHzcdwyZGewL+CArROTt6IgW11w9/mgovjANdd2LU3zEfTs6N2+xMexZtrBoG2O
9f/uurJP8vPRBbsPMODtD+v8ZQm5M2Ae2slYfrzucujmKT6pLzKcC1BLKjUVEf+p4zXGLQ8F7Hsv
6LCbg42CZQ==
-----END CERTIFICATE-----


*******************************************
*******************************************
James Sabre
Ranch Hand

Joined: Sep 07, 2004
Posts: 781

What am I missing. That looks to be a self signed certificate since the the issuer and subject are the same.


Retired horse trader.
 Note: double-underline links may be advertisements automatically added by this site and are probably not endorsed by me.
John Eric Hamacher
Ranch Hand

Joined: Apr 25, 2007
Posts: 230
Thanks for your help. When I give this keystore to my Websphere administrator, he says WebSphere is telling him it is unsigned. It sounds lie this may be a WebSphere problem.


Eric
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: IBM keytool not self-signing certificates