[Oracle Container for Java is a Java web server, similar to Tomcat]

This is probably more of an oc4j question, but it deals with 
cryptography/OpenSSL so I was hoping for some input from folks who may have 
encountered this.  If nothing else, it will be nice to have in the archives 
for those who use OpenSSL in lieu of other tools.  [BTW, many thanks to the 
OpenSSL dev team--very straightforward and functional.]

I'm working on an intranet that will use SSL/Client certs for certain 
authentications. I've set up our own CA using OpenSSL, and have 
successfully issued server and client certs that work via IIS and Apache 
(mod_ssl).

We've made SSL work on a development workstation via OC4j using a Thawte 
test cert. However, we can't get our OpenSSL CA certs to work.  We have 
successfully imported our CA root into his cacerts file using the java 
keytool. However when you hit the OC4J site, the browser has no 
certificates to choose from in the “Client Authentication” box. Again, I've 
made the same certificates work in IIS and Apache. My hunch is that oc4j is 
not picking up our custom CA (even though keytool -list on the cacerts 
keystore lists us right alongside thawte, verisign, etc....) so the 
browser has no legitimate client certs to choose from (this is the way it 
works isn't it?).

The second problem is that I can’t seem to get OC4j to like a web server 
SSL key I’ve generated and signed with our own CA. After importing using 
keytool, a keytool -list only shows the imported key as “trustedCertEntry” 
and not a "keyEntry".

Thanks for any and all input.
-Mike

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
