cosign-discuss at umich.edu
general discussion of cosign development and deployment
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: certificate questions



Phil Pishioneri wrote:

On 9/15/05 8:31 AM, Will Jaynes wrote:

keytool -keystore keystore -keyalg "RSA" -import -trustcacerts -file www.umms.med.umich.edu.cer

The error I get is:

keytool error: java.lang.Exception: Failed to establish chain from reply

Do you have an idea what my problem might be?


This is just a guess based on faint memory, but you may need to first import the umwebCA cert (and have it set as a trusted CA).

-Phil


Thanks, Phil,

I found the umwebCA.pem file and imported it into my java cacerts keystore. I was then able to import into my cosign keystore file the certificate that the umweb folks had sent me. I still have some probelm with the certificate, however.

I've followed the instructions from the jcosign-1.0b1.zip file I got from the cosign download page. My webapp does redirect to the cosign login page, but after authenticating and getting redirected back to my webapp, the code throws the following expection:

SSLSocketFactory = com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl@71edc0
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain

So the cosign filter isn't able to connect to the cosign server due to some problem with the certificate.

Does anyone have an idea what might be going on here?

thanks, Will