You might try adding '-trustcacerts' to your import command (I'm not interested enough to try it myself :).
However, the easiest way to do what you want (IMHO) is to use a PKCS12 keystore. There is an example in the Tomcat5 ssl-howto. "Stewart Walker" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Wondering if I my message is getting out there as as I've seen no > response. Going to try again. > > Could really use your help getting past the below error while > trying to setup/import a server certificate. > > The required jsse jar files are in > $JAVA_HOME/jre/lib/ext > > The IBMJava was installed during the Linux install. As far > as I can tell it isn't running anything and $JAVA_HOME/bin > is first in the path. But I still wonder. > > keytool was run by root in $JAVA_HOME/bin > > Haven't done anything with apache yet our web based servlet app is > working on 8080 with tomcat. > Thanks. > > Linux ES 2.1 > 249-e.37 kernel > j2sdk1.4.2_03 > tomcat5.0.18 > > $PATH > > /usr/kerberos/sbin: > /usr/kerberos/bin: > /usr/java/j2sdk1.4.2_03/bin: > /opt/IBMJava2-131/bin: > /opt/IBMJava2-131/jre/bin: > /usr/local/sbin:/sbin:/usr/sbin: > /bin:/usr/bin:/usr/bin/X11: > /usr/local/bin: > /usr/bin: > /usr/X11R6/bin: > /root/bin: > > [EMAIL PROTECTED] ps aux |grep java > root 2985 27.0 0.7 246712 29368 pts/5 S 08:38 0:04 > /usr/java/j2sdk1. > root 2986 0.0 0.7 246712 29368 pts/5 S 08:38 0:00 > /usr/java/j2sdk1. > this is just a snipit.. > > [EMAIL PROTECTED]/ca]#ls -l > -rwxr-xr-x 1 root apache 785 Feb 18 10:16 ca.csr > -rwxr-xr-x 1 root apache 887 Feb 18 10:16 ca.key > -rwxr-xr-x 1 root apache 1066 Feb 18 10:17 ca.pem > > > [EMAIL PROTECTED] openssl req -new -newkey / > rsa:1024 -nodes -out /usr/java/ssl/ca/ca.csr / > -keyout /usr/java/ssl/ca/ca.key > Using configuration from /usr/share/ssl/openssl.cnf > Generating a 1024 bit RSA private key > .............++++++ > ......++++++ > writing new private key to '/usr/java/ssl/ca/ca.key' > ----- > ok works fine > > [EMAIL PROTECTED] openssl x509 -trustout / > -signkey /usr/java/ssl/ca/ca.key / > -days 720 -req -in /usr/java/ssl/ca/ca.csr / > -out /usr/java/ssl/ca/ca.pem > Signature ok > subject=/C=US/ST=state/L=city/O=City state/OU=dept/CN=computer/Email=email > Getting Private key > ok works fine > > [EMAIL PROTECTED] keytool -import -keystore / > $JAVA_HOME/jre/lib/security/cacerts / > -file /usr/java/ssl/ca/ca.pem -alias test_ca > Enter keystore password: changeit > Exception in thread "main" java.lang.ExceptionInInitializerError > at javax.crypto.Cipher.a(DashoA6275) > at javax.crypto.Cipher.getInstance(DashoA6275) > at > com.baltimore.jcrypto.provider.crypto.signatures.RSASignature.<init>([DashoP ro- > V1.3-013000]) > at > com.baltimore.jcrypto.provider.crypto.signatures.JCRYPTO_RSAwithMD5Signature --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
