cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: certificate questions
I created a cert and sent it off to webmaster for signing, and got the
returned certificate. Very fast response time. But now I'm having a
problem that perhaps people on this list have seen before. Here's the
reply I sent to webmaster after encountering the problem:
I am having a problem with importing the certificate that you sent to me
yesterday. I'm following the instructions found in the README.txt file
with the JavaCosign code. I copied and pasted the certificate you sent
to me, and saved it to a file. I then tried to import it into the
keystore with the following command:
keytool -keystore keystore -keyalg "RSA" -import -trustcacerts -file
The error I get is:
keytool error: java.lang.Exception: Failed to establish chain from reply
Do you have an idea what my problem might be?
johanna bromberg craig wrote:
since you're at umich, these are our policies//guidelines
1) you're right, the cn is the domain name/hostname, but they don't
*have* to match, it is just preferred. The only requirement is that
the cn end in umich.edu, feel free to "make up" a hostname.
2) in this case it's the umwebCA, so you should it to
webmaster@xxxxxxxxx and ask for a umwebCA signed cert.
On Sep 14, 2005, at 2:43 PM, Will Jaynes wrote:
I'm taking a look at the JavaCosign filter and would like to set it
up on my development workstation. The install section of the
README.txt file talks about creating a keystore and a certificate
and a signing request, and then "Have your CA sign the CSR". This
brings up a couple questions for me:
1) The certificate requires a CN. I assume this should be a domain
name, and I assume the dn should be that of the machine the
certificate will be used on. Are those assumptions correct? My
development workstation doesn't have a domain name. It's a DHCP
client and only has an IP, and not always the same IP. Is this going
to be a problem with regard to the certificate?
2) Who is my CA, and where do I send the CSR to have it signed?
thanks for any info,