Attached are the contents of the keystore.
From: carbon-dev-boun...@wso2.org [mailto:carbon-dev-boun...@wso2.org] On behalf of Thilina Mahesh Buddhika
Sent: Thursday, 9 September 2010 16:28
To: carbon-dev@wso2.org
Subject: Re: [Carbon-dev] keystore/certificate question

Certain information like external keystore passwords are encrypted using the default KS and stored in the registry. But it is not related to this issue.

If possible please attach the contents of the keystore (eliminate the sensitive information) so that we can check the aliases, issuer, subject, CNs etc.

Thanks,
Thilina

On Thu, Sep 9, 2010 at 7:28 PM, Daniel Callejas Albalate <d...@nextret.net> wrote:

A silly question: do I need to re-make the database in order to install the new certificate?

-----Original Message-----
From: carbon-dev-boun...@wso2.org [mailto:carbon-dev-boun...@wso2.org] On behalf of Daniel Callejas Albalate
Sent: Thursday, 9 September 2010 15:15
To: carbon-dev@wso2.org
Subject: Re: [Carbon-dev] keystore/certificate question

I'm going to explain the configuration; if someone sees something wrong, please tell me.

The JKS is in resources/security/tmp/keystore.jks and only contains the key and the certificate (from Thawte and not a trial).

In carbon.xml I have this configuration:

    <KeyStore>
        <!-- Keystore file location-->
        <Location>${carbon.home}/resources/security/tmp/keystore.jks</Location>
        <!-- Keystore type (JKS/PKCS12 etc.)-->
        <Type>JKS</Type>
        <!-- Keystore password-->
        <Password>[JKS_PASS]</Password>
        <!-- Private Key alias-->
        <KeyAlias>[ALIAS_OF_THE_KEY]</KeyAlias>
        <!-- Private Key password-->
        <KeyPassword>[KEY_PASS]</KeyPassword>
    </KeyStore>

And the mgt-transports.xml config is this:

    <parameter name="keystore">${carbon.home}/resources/security/tmp/keystore.jks</parameter>
    <parameter name="keypass">[KEY_PASS]</parameter>

With that configuration, when I go to the main page of gs and look at the security information, the info corresponds to the key and not to the certificate, which means I get security advisories when the web page loads.

Any idea?

Thanks and best regards.
Daniel Callejas

-----Original Message-----
From: carbon-dev-boun...@wso2.org [mailto:carbon-dev-boun...@wso2.org] On behalf of Daniel Callejas Albalate
Sent: Wednesday, 8 September 2010 16:33
To: carbon-dev@wso2.org
Subject: Re: [Carbon-dev] keystore/certificate question

I generated a key and created a CSR to apply for a certificate from a CA.

________________________________
From: carbon-dev-boun...@wso2.org [carbon-dev-boun...@wso2.org] On behalf of Thilina Mahesh Buddhika [thili...@wso2.com]
Sent: Wednesday, 8 September 2010 14:14
To: carbon-dev@wso2.org
Subject: Re: [Carbon-dev] keystore/certificate question

Properly updating the carbon.xml and mgt-transports.xml should solve the problem.

Btw, did you generate a self-signed certificate first and replace that public cert with the CA-signed one, or just generate a key and create the CSR out of it?

Thilina

On Wed, Sep 8, 2010 at 4:37 PM, Daniel Callejas Albalate <d...@nextret.net> wrote:

Yes, the certificate is imported in the same keystore where the private key is.

From: carbon-dev-boun...@wso2.org [mailto:carbon-dev-boun...@wso2.org] On behalf of Thilina Mahesh Buddhika
Sent: Wednesday, 8 September 2010 13:04
To: carbon-dev@wso2.org
Subject: Re: [Carbon-dev] keystore/certificate question

Hi,

Did you import the certificate of Thawte to this keystore? So you generated a private key, generated a CSR out of it, sent it to Thawte for signing and imported that signed cert back to the keystore where the private key was.

Thanks,
Thilina

On Wed, Sep 8, 2010 at 1:34 PM, Daniel Callejas Albalate <d...@nextret.net> wrote:

Hi,

Thanks for the reply.

I import the certificate into the same keystore where the private key is, where the previous certificate was. First I delete the old certificate and then import the new one.

I was using a custom keystore, not the wso2carbon.jks, but in carbon.xml and mgt-transports.xml I have configured the new keystore.

Best Regards.

From: carbon-dev-boun...@wso2.org [mailto:carbon-dev-boun...@wso2.org] On behalf of Thilina Mahesh Buddhika
Sent: Tuesday, 7 September 2010 19:44
To: carbon-dev@wso2.org
Subject: Re: [Carbon-dev] keystore/certificate question

If you are using ESB, then it is required to change the keystore settings of the axis2.xml in addition to carbon.xml and mgt-transports.xml. In other products, it is sufficient only to modify those two files.

How did you insert your custom cert? Is it using a fresh keystore or by importing the cert and the private key into the existing wso2carbon.jks? Please elaborate more on the steps you followed.

Thanks,
Thilina

On Tue, Sep 7, 2010 at 10:56 PM, Daniel Callejas Albalate <d...@nextret.net> wrote:

Hi everyone,

I'm messing with the certificates and I have a question.

When I change a keystore and/or a certificate on a server, do I need to change something other than carbon.xml and mgt-transports.xml?

I have changed the certificate on a server and now the server doesn't take the correct certificate. I'm using a trial certificate from Thawte and when I connect by https I see the information of the private key.

Best Regards

Att,
Daniel Callejas Albalate
________________________________________________
NexTReT - eBusiness Solutions
http://www.nextret.net
Passeig Bonanova, 9. 08022 Barcelona
Calle Fortuny, 3 28010 Madrid
Tf. (+34) 932 541 530
Fx. (+34) 934 175 062

_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

--
Thilina Mahesh Buddhika
Senior Software Engineer
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware
phone : +94 77 44 88 727
blog : http://blog.thilinamb.com

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 6 entries

Alias name: thawte_dv
Creation date: 09-Sep-2010
Entry type: trustedCertEntry

Owner: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Serial number: 7610128a17b682bb3a1f9d1a9a35c092
Valid from: Thu Feb 18 00:00:00 UTC 2010 until: Mon Feb 17 23:59:59 UTC 2020
Certificate fingerprints:
     MD5: A5:97:C7:3F:D2:0D:F6:0C:10:D5:4D:31:49:D6:CA:9D
     SHA1: 3C:A9:58:F3:E7:D6:83:7E:1C:1A:CF:8B:0F:6A:2E:6D:48:7D:67:62
     Signature algorithm name: SHA1withRSA
     Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB 44 E4 5D EC 83 C7 D9 C0 85 9F F7 E1 C6 97 90 .D.]............
0010: B0 8C 3F 98 ..?.
]
]

#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawtePCA.crl]
]]

#6: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
0010: EB 57 48 50 .WHP
]
]

#7: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  CN=VeriSignMPKI-2-11
]

*******************************************
*******************************************

Alias name: wso2carbon
Creation date: 10-Aug-2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=fjegs1.fje.edu, OU=xxxxxxxxxxxx, O=xxxxxxxxxxxx, L=xxxxxxxxxxxx, ST=xxxxxxxxxxxx, C=ES
Issuer: CN=fjegs1.fje.edu, OU=xxxxxxxxxxxx, O=xxxxxxxxxxxx, L=xxxxxxxxxxxx, ST=xxxxxxxxxxxx, C=ES
Serial number: xxxxxxxxxxxx
Valid from: Tue Aug 10 14:57:48 UTC 2010 until: Mon Nov 08 14:57:48 UTC 2010
Certificate fingerprints:
     MD5: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

*******************************************
*******************************************

Alias name: thawte trial secure server intermediate ca
Creation date: 07-Sep-2010
Entry type: trustedCertEntry

Owner: CN=Thawte Trial Secure Server CA, OU="For Test Purposes Only. No assurances.", OU=Certification Services Division, O="Thawte, Inc.", C=US
Issuer: CN=thawte Trial Secure Server Root CA, OU="For Test Purposes Only. No assurances.", OU=Certification Services Division, O="thawte, Inc.", C=US
Serial number: 3ba11e6c788e4ae15c7224a186fee7d5
Valid from: Thu Feb 04 00:00:00 UTC 2010 until: Mon Feb 03 23:59:59 UTC 2020
Certificate fingerprints:
     MD5: C9:17:A2:B2:A9:A5:BB:A1:E2:6F:C5:23:A7:2A:B4:33
     SHA1: 07:4E:D4:F8:93:E9:0A:B1:73:AB:39:53:2F:71:85:EF:F1:BE:10:7D
     Signature algorithm name: SHA1withRSA
     Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 29 6C B5 35 FD 03 D6 48 FB 04 EF 3A 9F AB 15 4E )l.5...H...:...N
0010: 0A F4 4D 50 ..MP
]
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/thawteTrialSSLRootCA.crl]
]]

#5: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 05 42 68 86 03 E9 C9 65 C1 27 B3 D9 9B D4 0F F7 .Bh....e.'......
0010: 7F F5 05 40 ...@
]
]

*******************************************
*******************************************

Alias name: thawte_root_ca
Creation date: 09-Sep-2010
Entry type: trustedCertEntry

Owner: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: emailaddress=premium-ser...@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 3365500879ad73e230b9e01d0d7fac91
Valid from: Fri Nov 17 00:00:00 UTC 2006 until: Wed Dec 30 23:59:59 UTC 2020
Certificate fingerprints:
     MD5: D6:6A:92:1C:83:BF:A2:AE:6F:99:5B:44:E7:C2:AB:2A
     SHA1: 1F:A4:90:D1:D4:95:79:42:CD:23:54:5F:6E:82:3D:00:00:79:6E:A2
     Signature algorithm name: SHA1withRSA
     Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 7B 5B 45 CF AF CE CB 7A FD 31 92 1A 6A B6 F3 46 .[E....z.1..j..F
0010: EB 57 48 50 .WHP
]
]

#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]

#5: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1A 68 74 74 70 73 3A 2F 2F 77 77 77 2E 74 68 ..https://www.th
0010: 61 77 74 65 2E 63 6F 6D 2F 63 70 73 awte.com/cps
]] ]
]

*******************************************
*******************************************

Alias name: thawte test ca root certificate
Creation date: 07-Sep-2010
Entry type: trustedCertEntry

Owner: CN=thawte Trial Secure Server Root CA, OU="For Test Purposes Only. No assurances.", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Trial Secure Server Root CA, OU="For Test Purposes Only. No assurances.", OU=Certification Services Division, O="thawte, Inc.", C=US
Serial number: 3f5329027192b209eebf37a189a978d8
Valid from: Fri Oct 09 00:00:00 UTC 2009 until: Mon Oct 08 23:59:59 UTC 2029
Certificate fingerprints:
     MD5: F8:8A:B4:59:96:74:32:7A:95:91:3A:E5:5D:24:52:53
     SHA1: B9:82:B9:15:44:AA:C4:08:71:A2:B8:2B:3E:BA:A7:37:61:09:2E:BF
     Signature algorithm name: SHA1withRSA
     Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 05 42 68 86 03 E9 C9 65 C1 27 B3 D9 9B D4 0F F7 .Bh....e.'......
0010: 7F F5 05 40 ...@
]
]

*******************************************
*******************************************

Alias name: cert_fjegs1_final
Creation date: 09-Sep-2010
Entry type: trustedCertEntry

Owner: CN=fjegs1.fje.edu, OU=Domain Validated, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, O=fjegs1.fje.edu
Issuer: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
Serial number: xxxxxxxxxxxxxxxxxxxxxxxx
Valid from: Thu Sep 09 00:00:00 UTC 2010 until: Fri Sep 09 23:59:59 UTC 2011
Certificate fingerprints:
     MD5: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     SHA1: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     Signature algorithm name: SHA1withRSA
     Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.thawte.com]
]

#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://svr-dv-crl.thawte.com/ThawteDV.crl]
]]

#4: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

*******************************************
*******************************************
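
Added example, not part of the original thread or of WSO2's code: a TLS listener presents the certificate chain stored under the private key's alias, so a CA reply imported under a different alias stays a trustedCertEntry and is never served. The sketch below parses `keytool -list -v` output and flags that pattern; the sample input is constructed to mirror the two fjegs1.fje.edu entries in the listing above, and all function names are hypothetical.

```python
import re

# Constructed sample: trimmed `keytool -list -v` output mirroring the two
# fjegs1.fje.edu entries in the listing above (redacted fields shortened).
SAMPLE = """\
Alias name: wso2carbon
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=fjegs1.fje.edu, OU=x, O=x, C=ES
Issuer: CN=fjegs1.fje.edu, OU=x, O=x, C=ES

Alias name: cert_fjegs1_final
Entry type: trustedCertEntry
Owner: CN=fjegs1.fje.edu, OU=Domain Validated, O=fjegs1.fje.edu
Issuer: CN=Thawte DV SSL CA, OU=Domain Validated SSL, O="Thawte, Inc.", C=US
"""

FIELDS = {"type": r"^Entry type: (.+)$", "owner": r"^Owner: (.+)$",
          "issuer": r"^Issuer: (.+)$"}

def parse_entries(text):
    """Split `keytool -list -v` output into one dict per alias."""
    entries = []
    for block in re.split(r"(?m)^Alias name: ", text)[1:]:
        entry = {"alias": block.split("\n", 1)[0].strip()}
        for name, pattern in FIELDS.items():
            # First match wins: for a key entry that is Certificate[1], the leaf.
            m = re.search(pattern, block, re.M)
            entry[name] = m.group(1).strip() if m else None
        entries.append(entry)
    return entries

def common_name(dn):
    m = re.search(r"CN=([^,]+)", dn or "")
    return m.group(1).strip().lower() if m else None

def find_unbound_replies(text):
    """Pairs (key alias, cert alias): the key entry still carries a self-signed
    leaf while a CA-issued cert for the same CN sits in a trustedCertEntry."""
    entries = parse_entries(text)
    keys = [e for e in entries if e["type"] == "PrivateKeyEntry"
            and e["owner"] and e["owner"] == e["issuer"]]
    certs = [e for e in entries if e["type"] == "trustedCertEntry"
             and e["owner"] != e["issuer"]]
    return [(k["alias"], c["alias"]) for k in keys for c in certs
            if common_name(c["owner"]) == common_name(k["owner"])]

if __name__ == "__main__":
    for key_alias, cert_alias in find_unbound_replies(SAMPLE):
        print(f"{key_alias}: self-signed; CA reply stored separately as {cert_alias}")
```

When a pair is reported, importing the CA reply with `keytool -importcert` under the key entry's own alias replaces the self-signed certificate with the CA-issued chain.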