Sun Microsystems 5.1.1 manual Windows OpenSSL.cnf File Example, # SSLeay example properties file


Chapter 4

Section 4.4

Operating SSL

Using the OpenSSL Utility

create an initial serial number file used for tracking certificate signing. This certificate will be valid for 365 days.

4

keytool -import -keystore clientkeystore -file client.cer -alias client

Enter keystore password: seebeyond

keytool error: java.lang.Exception: Failed to establish chain from reply

The import fails because the client certificate contains no certificate chain, so the CA's certificate must be imported into the KeyStore first. You can then import client.cer itself to form a certificate chain. Use the following steps:

5

keytool -import -keystore clientkeystore -file ca-certificate.pem.txt -alias theCARoot

Enter keystore password: seebeyond

Owner: EmailAddress=development@seebeyond.com, CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US

Issuer: EmailAddress=development@seebeyond.com, CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US

Serial number: 0

Valid from: Tue May 08 15:09:07 PDT 2001 until: Wed May 08 15:09:07 PDT 2002

Certificate fingerprints:

MD5: 60:73:83:A0:7C:33:28:C3:D3:A4:35:A2:1E:34:87:F0

SHA1: C6:D0:C7:93:8E:A4:08:F8:38:BB:D4:11:03:C9:E6:CB:9C:D0:72:D0

Trust this certificate? [no]: yes

Certificate was added to keystore

6

keytool -import -keystore clientkeystore -file client.cer -alias client

Enter keystore password: seebeyond

Certificate reply was installed in keystore

Now that the KeyStore clientkeystore holds a private key and its associated certificate chain, it can be used as the KeyStore for client (eWay) authentication. The one caveat is that the CA certificate must be imported into the trusted certificate store of the Web server to which you will be connecting. Moreover, the Web server must be configured for client authentication (httpd.conf for Apache, for example).
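An added example, not part of the original manual: a name-level check over the output of `keytool -list -v -keystore clientkeystore -alias client` that confirms step 6 left a chain ending in the CA root instead of the original self-signed certificate. The sample listing and its DNs are constructed, and the check compares Owner and Issuer strings only; it does not verify signatures.

```python
import re

# Constructed `keytool -list -v -keystore clientkeystore -alias client` output
# as it would look after steps 5 and 6. The DNs are placeholders.
AFTER_STEP_6 = """\
Alias name: client
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=client.example.test, O=Example, C=US
Issuer: CN=ca.example.test, O=Example, C=US
Certificate[2]:
Owner: CN=ca.example.test, O=Example, C=US
Issuer: CN=ca.example.test, O=Example, C=US
"""

def parse_chain(listing):
    """Return (declared_length or None, [(owner, issuer), ...]) in printed order."""
    declared, owners, issuers = None, [], []
    for line in listing.splitlines():
        line = line.strip()
        m = re.match(r"Certificate chain length: (\d+)$", line)
        if m:
            declared = int(m.group(1))
        elif line.startswith("Owner: "):
            owners.append(line[len("Owner: "):])
        elif line.startswith("Issuer: "):
            issuers.append(line[len("Issuer: "):])
    if len(owners) != len(issuers):
        raise ValueError("unpaired Owner/Issuer lines in listing")
    return declared, list(zip(owners, issuers))

def chain_problems(listing):
    """Name-level sanity check of a key entry; an empty list means no problem found."""
    declared, chain = parse_chain(listing)
    if declared is None:
        return ["no 'Certificate chain length' line: alias is not a key entry"]
    problems = []
    if declared != len(chain):
        problems.append(f"declared length {declared}, but {len(chain)} certificates listed")
    if len(chain) == 1 and chain[0][0] == chain[0][1]:
        problems.append("only a self-signed certificate: CA reply not installed")
    for i in range(len(chain) - 1):
        if chain[i][1] != chain[i + 1][0]:
            problems.append(f"certificate[{i + 1}] issuer is not the owner of certificate[{i + 2}]")
    if chain and chain[-1][0] != chain[-1][1]:
        problems.append("chain does not end in a self-signed root")
    return problems

if __name__ == "__main__":
    print(chain_problems(AFTER_STEP_6) or "chain looks complete")
```
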


4.4.3 Windows OpenSSL.cnf File Example

This section contains the contents of the openssl.cnf file that can be used on Windows. Be sure to make the appropriate changes to the directories.

#

# SSLeay example properties file.

HTTPS eWay Adapter User’s Guide

38

Sun Microsystems, Inc.
