Certain information like external keystore passwords are encrypted using the default KS and stored in the registry. But it is not related to this issue. If possible please attach the contents of the keystore (eliminate the sensitive information) so that we can check the aliases, issuer, subject, CNs etc..
Thanks, Thilina On Thu, Sep 9, 2010 at 7:28 PM, Daniel Callejas Albalate <d...@nextret.net>wrote: > A silly question, i need to re-make the database in order install new > certificate? > > -----Mensaje original----- > De: carbon-dev-boun...@wso2.org [mailto:carbon-dev-boun...@wso2.org] En > nombre de Daniel Callejas Albalate > Enviado el: jueves, 09 de septiembre de 2010 15:15 > Para: carbon-dev@wso2.org > Asunto: Re: [Carbon-dev] keystore/certificate question > > I'm going to explain the configuration, if someone sees something wrong > please tell me > > The jks it's in resources/security/tmp/keystore.jks > And only contains the key and the certificate (from Thawte and not a trial) > > In carbon.xml I have that configuration > > <KeyStore> > <!-- Keystore file location--> > > <Location>${carbon.home}/resources/security/tmp/keystore.jks</Location> > <!-- Keystore type (JKS/PKCS12 etc.)--> > <Type>JKS</Type> > <!-- Keystore password--> > <Password>[JKS_PASS]</Password> > <!-- Private Key alias--> > <KeyAlias>[ALIAS_OF_THE_KEY]</KeyAlias> > <!-- Private Key password--> > <KeyPassword>[KEY_PASS]</KeyPassword> > </KeyStore> > > And mgt-transports.xml config it's that > > <parameter > > name="keystore">${carbon.home}/resources/security/tmp/keystore.jks</paramete > r> > <parameter name="keypass">[KEY_PASS]</parameter> > > With that configuration when I go to the main page of gs and see the > security information the info correspond to the key and not to the > certificate, wich means I get security advisories at the moment of load the > web. > > Any idea? > > Thanks and best regards. > Daniel Callejas > > > > -----Mensaje original----- > De: carbon-dev-boun...@wso2.org [mailto:carbon-dev-boun...@wso2.org] En > nombre de Daniel Callejas Albalate Enviado el: miércoles, 08 de septiembre > de 2010 16:33 > Para: carbon-dev@wso2.org > Asunto: Re: [Carbon-dev] keystore/certificate question > > I generate a key and created a CSR to apply for a certificate in a CA. > > ________________________________ > De: carbon-dev-boun...@wso2.org [carbon-dev-boun...@wso2.org] En nom de > Thilina Mahesh Buddhika [thili...@wso2.com] Enviat el: dimecres, 8 / > setembre / 2010 14:14 Per a: carbon-dev@wso2.org > Tema: Re: [Carbon-dev] keystore/certificate question > > Properly updating the carbon.xml and mgt-transports.xml should solve the > problem. > > Btw, did you generate a self signed certificate first and replaced that > public cert with the CA signed one or just generated a key and created the > CSR out of it? > > Thilina > > On Wed, Sep 8, 2010 at 4:37 PM, Daniel Callejas Albalate > <d...@nextret.net<mailto:d...@nextret.net>> wrote: > Yes, the certificate it’s imported in the same keystore where the private > key is. > > De: carbon-dev-boun...@wso2.org<mailto:carbon-dev-boun...@wso2.org> > [mailto:carbon-dev-boun...@wso2.org<mailto:carbon-dev-boun...@wso2.org>] > En > nombre de Thilina Mahesh Buddhika Enviado el: miércoles, 08 de septiembre > de > 2010 13:04 > > Para: carbon-dev@wso2.org<mailto:carbon-dev@wso2.org> > Asunto: Re: [Carbon-dev] keystore/certificate question > > Hi, > > Did you import the certificate of Thawte to this keystore? > > So you generated a private key, generated a CSR out of it and sent it to > for > signing to Thawte and imported that signed cert back to the keystore where > the private key was in. > > Thanks, > Thilina > On Wed, Sep 8, 2010 at 1:34 PM, Daniel Callejas Albalate > <d...@nextret.net<mailto:d...@nextret.net>> wrote: > Hi, > Thanks for the reply. I import the certificate to the same keystore where > is > the private key, where the previous certificate was. Firs I delete the old > certificate and then import the new. I was using a ‘custom’ keystore not > the > wso2carbon.jks, but in carbon .xml and mgt-transports.xml I have configured > the new keystore. > > Best Regards. > > De: carbon-dev-boun...@wso2.org<mailto:carbon-dev-boun...@wso2.org> > [mailto:carbon-dev-boun...@wso2.org<mailto:carbon-dev-boun...@wso2.org>] > En > nombre de Thilina Mahesh Buddhika Enviado el: martes, 07 de septiembre de > 2010 19:44 > Para: carbon-dev@wso2.org<mailto:carbon-dev@wso2.org> > Asunto: Re: [Carbon-dev] keystore/certificate question > > If you are using ESB, then it is required to change the keystore settings > of > the axis2.xml in addition to carbon.xml and mgt-transports.xml. In other > products, it is sufficient only to modify those two files. > > How did you insert your custom cert, is it using a fresh keystore or by > importing the cert and the private key into the existing wso2carbon.jks? > Please elaborate more on the steps you followed. > > Thanks, > Thilina > On Tue, Sep 7, 2010 at 10:56 PM, Daniel Callejas Albalate > <d...@nextret.net<mailto:d...@nextret.net>> wrote: > Hi everyone, > > I’m messing with the certificates and i have a question. When I change a > keystore and/or a certificate from a server, I need to change something > than > carbon.xml and mgt-transports.xml? > > I have changed the certificate from a server and now the server doesn’t > take > the correct certificate. I’m using a trial certificate from thawte and > when > I connect by https I see the information of the private key. > > Best Regards > > Att, > Daniel Callejas Albalate > ________________________________________________ > NexTReT - eBusiness Solutions > http://www.nextret.net<http://www.nextret.net/> > Passeig Bonanova, 9. 08022 Barcelona > Calle Fortuny, 3 28010 Madrid > Tf. (+34) 932 541 530 Fx. (+34) 934 175 062 > > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org<mailto:Carbon-dev@wso2.org> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > -- > Thilina Mahesh Buddhika > Senior Software Engineer > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 77 44 88 727 > blog : http://blog.thilinamb.com > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org<mailto:Carbon-dev@wso2.org> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > -- > Thilina Mahesh Buddhika > Senior Software Engineer > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 77 44 88 727 > blog : http://blog.thilinamb.com > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org<mailto:Carbon-dev@wso2.org> > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > > > > -- > Thilina Mahesh Buddhika > Senior Software Engineer > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 77 44 88 727 > blog : http://blog.thilinamb.com > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > _______________________________________________ > Carbon-dev mailing list > Carbon-dev@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev > > -- Thilina Mahesh Buddhika Senior Software Engineer WSO2 Inc. ; http://wso2.com lean . enterprise . middleware phone : +94 77 44 88 727 blog : http://blog.thilinamb.com
_______________________________________________ Carbon-dev mailing list Carbon-dev@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
