Chapter 4 | Section 4.4 |
Operating SSL | Using the OpenSSL Utility |
create an initial serial number file used for tracking certificate signing. This certificate will be valid for 365 days.
4
keytool
Enter keystore password: seebeyond
keytool error: java.lang.Exception: Failed to establish chain from reply
You get an exception because the client certificate carries no certificate chain, so the CA’s certificate must be imported into the KeyStore first. You can then import client.cer itself to form a certificate chain. You need the following steps:
5
keytool
Enter keystore password: seebeyond
Owner: EmailAddress=development@seebeyond.com, CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US
Issuer: EmailAddress=development@seebeyond.com, CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US
Serial number: 0
Valid from: Tue May 08 15:09:07 PDT 2001 until: Wed May 08 15:09:07 PDT 2002
Certificate fingerprints:
MD5: 60:73:83:A0:7C:33:28:C3:D3:A4:35:A2:1E:34:87:F0
SHA1: C6:D0:C7:93:8E:A4:08:F8:38:BB:D4:11:03:C9:E6:CB:9C:D0:72:D0
Trust this certificate? [no]: yes
Certificate was added to keystore
6
keytool
Enter keystore password: seebeyond
Certificate reply was installed in keystore
Now that we have a private key and an associated certificate chain in the KeyStore clientkeystore, we can use it as a KeyStore for client (eWay) authentication. The only caveat is that the CA certificate must be imported into the trusted certificate store of the Web server to which you will be connecting. Moreover, the Web server must be configured for client authentication (in httpd.conf for Apache, for example).
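The import order from steps 4 to 6, as an added example that is not part of the original guide: it builds a throwaway CA and client key in a scratch directory, shows keytool rejecting the certificate reply while the CA certificate is absent, then imports the CA certificate and the reply in the working order. The aliases (`client`, `ca`), the CA file names, the subject names and the password are assumptions; only `clientkeystore` and `client.cer` are names from the guide.

```shell
# Added example: import-order failure and fix, run entirely in a scratch directory.
# Aliases, CA file names, subject names and the password are constructed test values.
chain_demo() {
  dir=$(mktemp -d) || return 1
  ks="$dir/clientkeystore"; pw="example-pass"
  (
    cd "$dir" || exit 1
    # Throwaway CA standing in for the guide's OpenSSL CA.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
      -subj "/CN=Example Test CA" -days 365 >/dev/null 2>&1 || exit 1
    # Client key pair and CSR come from the KeyStore; the CA signs the request.
    keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 \
      -dname "CN=client.example.test" -keystore "$ks" -storepass "$pw" \
      -keypass "$pw" >/dev/null 2>&1 || exit 1
    keytool -certreq -alias client -file client.csr -keystore "$ks" \
      -storepass "$pw" >/dev/null 2>&1 || exit 1
    # -CAcreateserial writes ca.srl, the serial number file the CA tracks.
    openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
      -out client.cer -days 365 >/dev/null 2>&1 || exit 1
    # Reply first: no issuer certificate in the KeyStore, so keytool refuses
    # with "Failed to establish chain from reply".
    if keytool -importcert -alias client -file client.cer -keystore "$ks" \
         -storepass "$pw" -noprompt >/dev/null 2>&1; then
      exit 2   # unexpected: reply accepted without the CA certificate
    fi
    # CA certificate first (trusted entry), then the reply under the key's alias.
    keytool -importcert -alias ca -file ca.pem -keystore "$ks" \
      -storepass "$pw" -noprompt >/dev/null 2>&1 || exit 1
    keytool -importcert -alias client -file client.cer -keystore "$ks" \
      -storepass "$pw" -noprompt >/dev/null 2>&1 || exit 1
    # The private key entry should now carry the client and CA certificates.
    keytool -J-Duser.language=en -list -v -alias client -keystore "$ks" \
      -storepass "$pw" 2>/dev/null | grep -q "Certificate chain length: 2" || exit 1
  )
  rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

`chain_demo` returns 0 only when the first reply import is rejected and the second one produces a two-certificate chain; it needs `openssl` and a JDK `keytool` on the PATH.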
4.4.3 Windows OpenSSL.cnf File Example
This section contains the contents of the openssl.cnf file that can be used on Windows. Be sure to make the appropriate changes to the directories.
#
# SSLeay example properties file.
HTTPS eWay Adapter User’s Guide | 38 | Sun Microsystems, Inc. |