[Cosign-discuss] JavaCosign - preparing the keystore

[George Francis]

Hello,
Have browsed the archives for a direct answer to this, but to no avail.

I've written a J2EE web application that's being used at a University.
I'm hosting the web app from a Tomcat (5.5) server.
The University want me to integrate my application with their existing
CoSign service.

I have created a keystore for the JavaCosign api to access, but I'm not
certain whether I need to:
a) import existing certificate(s) (PEM) into my keystore that has to be
provided by the University
and/or
b) generate a CSR (keytool -certreq) and send it to them to have them sign
it, then import that

I don't want to ask them for anything I don't need.
Do I need (a) *and* (b), or just one or the other?
--
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html___
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Re: [Cosign-discuss] JavaCosign - preparing the keystore

[George Francis]

The customer sent me a *.crt and a *.key

When I try:
keytool -keystore jcosign.jks -importcert -alias foobar -file foobar.crt 
I get:
keytool error: java.lang.Exception: Input not an X.509 certificate

When I try:
keytool -keystore jcosign.jks -keyalg "RSA" -import -file foobar.crt 
I get:
keytool error: java.security.cert.CertificateParsingException: invalid 
DER-encoded certificate data

But the certificate certainly seems valid.  I can open it in a utility and see 
all the correct metadata including "Signature Algorithm: SHA-1 with RSA 
Encryption ( 1.2.840.113549.1.1.5 )"

Should I be checking or doing something else?
Is there anything I could do with the key file to resolve this?

Many thanks for any advice.


On Apr 4, 2013, at 1:42 AM, Xin Feng  wrote:

> You need a) import the CA cert ( that signed the Cosign service cert )  to 
> your keystore.
> 
> If your cert is official signed by the CA that your CoSign service knows, you 
> don't need (b).  
> 
> -Xin
> 
> On Tue, Apr 2, 2013 at 9:09 PM, George Francis  wrote:
> Hello,
> Have browsed the archives for a direct answer to this, but to no avail.
> 
> I've written a J2EE web application that's being used at a University.
> I'm hosting the web app from a Tomcat (5.5) server.
> The University want me to integrate my application with their existing CoSign 
> service. 
> 
> I have created a keystore for the JavaCosign api to access, but I'm not 
> certain whether I need to: 
> a) import existing certificate(s) (PEM) into my keystore that has to be 
> provided by the University
> and/or
> b) generate a CSR (keytool -certreq) and send it to them to have them sign 
> it, then import that
> 
> I don't want to ask them for anything I don't need.  
> Do I need (a) and (b), or just one or the other?
> 
> --
> Minimize network downtime and maximize team effectiveness.
> Reduce network management and security costs.Learn how to hire
> the most talented Cisco Certified professionals. Visit the
> Employer Resources Portal
> http://www.cisco.com/web/learning/employer_resources/index.html
> ___
> Cosign-discuss mailing list
> Cosign-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
> 
> 

--
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter___
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss