cosign-discuss at umich.edu
general discussion of cosign development and deployment
Re: certificate questions
Wesley Craig wrote:
> On 15 Sep 2005, at 11:55, Will Jaynes wrote:
>> java.security.cert.CertificateException: Untrusted Server
>> So the cosign filter isn't able to connect to the cosign server due
>> to some problem with the certificate.
>
> I don't have any Java experience, but searching for your error in
> Google, I found this:
>
> Does this help?
>
> ps I'd ignore the "bone in my nose" suggestion. :)

Yes, thank you, it did help. Evidently Java's keytool *is* rather
picky. Evidently, when I first created the keypair, since I didn't
indicate an alias, it was stored as a self-signed cert with an alias of
"mykey". I then imported the umwebCA cert. That went fine. When I got
back the signed cert from umweb, I imported it into the keystore, but I
gave it an alias. Evidently, this was the wrong thing to do, since it
created a new cert in the keystore rather than replacing the original

What I should have done to make it work first time was

1) create a new keystore and a keypair
    keytool -genkey -keystore keystore -alias MyNewAlias -keyalg "RSA"

2) generate a certificate signing request
    keytool -certreq -keystore keystore -alias MyNewAlias -keyalg "RSA"

3) send the my.host.com.csr file to um's webmaster

4) import the um CA cert. it's in the cosign distribution called
    keytool -import -keystore keystore -keyalg "RSA" -alias umweb -file

5) import the signed certificate that I got back from umweb
    keytool -import -keystore keystore -keyalg "RSA" -alias MyNewAlias

I don't know if the -keyalg "RSA" is actually necessary, but it was part
of the directions in the JavaCosign source code.
Thanks for the help,
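
Added example, not part of the original message or of the cosign/JavaCosign code: a Python check over `keytool -list -v` output that detects the alias mistake described above, where the private key entry keeps its self-signed certificate and the CA-signed reply sits in a separate entry. The listing is a constructed sample; the DNs and the alias "signedcert" are assumptions, and the field labels follow current keytool output.

```python
import re

# Constructed sample modelled on `keytool -list -v` output (trimmed). The DNs
# and the alias "signedcert" are made up to reproduce the mistake in the post.
SAMPLE = """\
Alias name: mykey
Entry type: PrivateKeyEntry
Owner: CN=my.host.com, O=Example
Issuer: CN=my.host.com, O=Example

Alias name: umweb
Entry type: trustedCertEntry
Owner: CN=umwebCA, O=Example
Issuer: CN=umwebCA, O=Example

Alias name: signedcert
Entry type: trustedCertEntry
Owner: CN=my.host.com, O=Example
Issuer: CN=umwebCA, O=Example
"""

FIELD = re.compile(r"\s*(Alias name|Entry type|Owner|Issuer):\s*(.*)")

def parse_entries(listing):
    """One dict per alias; setdefault keeps the first (leaf) cert of a chain."""
    entries = []
    for m in filter(None, map(FIELD.match, listing.splitlines())):
        name, value = m.group(1), m.group(2).strip()
        if name == "Alias name":
            entries.append({"alias": value})
        elif entries:
            entries[-1].setdefault(name, value)
    return entries

def audit(listing):
    """Flag self-signed key entries and CA replies stored under another alias."""
    entries = parse_entries(listing)
    findings = []
    for key in entries:
        if key.get("Entry type") != "PrivateKeyEntry" or key.get("Owner") != key.get("Issuer"):
            continue  # not a key entry, or its chain is already CA-issued
        findings.append(f"{key['alias']}: private key still has a self-signed cert")
        for e in entries:
            if (e.get("Entry type") == "trustedCertEntry" and e.get("Owner") == key.get("Owner")
                    and e.get("Issuer") != e.get("Owner")):
                findings.append(f"{e['alias']}: CA reply stored as a separate entry; "
                                f"re-import it under alias '{key['alias']}'")
    return findings

print("\n".join(audit(SAMPLE)) or "no alias problems found")
```

To check a real keystore, pass the text printed by `keytool -list -v -keystore keystore` to `audit()` instead of `SAMPLE`.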