How to make a certificate chain

Hi guys,

I am using openssl to create a certificate chain. For testing purposes, i created a self-signed root ca certificate and created a server certificate signed by the ca. Now I want to create a client certificate (using keytool) and sign it using the server certificate hence creating a chain. When I tried importing the server certificate in the client keystore I got the following error:

# keytool -import -keystore clientstore -alias CA -file server.crt

Enter keystore password: ******

keytool error: java.lang.Exception: Input not an X.509 certificate

For server certificate, I created a server certificate signing request (server.csr) and got it signed by ca as follows:

# openssl req -x509 -days 365 -in server.csr -out server.crt -key ca.key

Any help in this regard will be greatly appreciated.

Ankit

[869 byte] By [Ankit_A] at [2007-9-30 19:11:51]

«« Thread: sleep()
»» JScrollBar Problem

# 1

your keytool command is correct, but your file must be a X509.

-file server.crt is not a valid file format

you must have der encoded or a base64 pem file,.

the following extensions are allowed:

server.cer, server.der or server.pem.

i dont齥now how, but i think taht you can generate your certificate is a x509 format on openssl..

peteredman at 2007-7-6 23:23:11 >

top of Java-index,Security,Java Secure Socket Extension (JSSE)...

# 2

I encountered the same problem with .pem and .txt files. The .der formatted file was imported without error.So you might want to use this encoding.

fasten at 2007-7-6 23:23:11 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

How to make a certificate chain

Security New Topic

Security Hot Topic

Security

All Classified