Our shop is using SSL/TLS a lot. We generate the home made certificate a lot. OpenSSL is much powerful to generate the certificate than simply use Java key certificate tool.
OPEN SSL STEPS
Download open ssl 0.9.8.a
1. CREATE A KEY
openssl genrsa -des3 1024 > c:\temp\server.key
2. create request
openssl req -new -key c:\temp\server.key -x509 -days 730 -out c:\temp\server.crt -extensions v3_ca
Country Name:CAf
Province:Alberta
Locality:Calgary
Organization Name:Xyz Corporation
Organization Unit Name:BOB
Common Name:Gandalf.xyz.com
email:gandalf@xyz.com
3. convert to Java key store
openssl pkcs12 -inkey c:\temp\server.key -in c:\temp\server.crt -export -out c:\temp\jetty.pkcs12
4. convert to a java keystore format
set JETTY_HOME=C:\Program Files\ArdmoreServer\lib
java -classpath "%JETTY_HOME%/org.mortbay.jetty.jar" org.mortbay.util.PKCS12Import jetty.pkcs12 c:\temp\BOBkeystore
5. listing the certificates
keytool -list -keystore BOBkeystore
6. obfuscate a password
java -cp "%JETTY_HOME%/commons-logging.jar;%JETTY_HOME%/org.mortbay.jetty.jar" org.mortbay.util.Password Xyz
CN=www.verisign.com, O=VeriSign, C=US, S=California, L=Mountain View
No comments:
Post a Comment