JKS or PKCS ?

Dear friends,

I磎 trying to access a safe server through Https. The connection algorithm and all handshake stuff is done, already tested in a local server.

The problem is:

I磎 trying to access a IIS server with a certificate generated through the MS certsrv web page, with the following specification:

Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file

I磎 trying to generate the keystore through the comand:

keytool -genkey -alias fup -keypass changeit -keystore fup.keystore -stor

epass changeit -storetype PKCS#10

but it doesn磘 accept such type...

any tip ?

[697 byte] By [Felipe.Gauchoa] at [2007-10-2 0:19:02]

# 1

PKCS10 does not define a Key store format; it is a format for a "Certificate request". Therefore, logically you can not use the keytool that way.

First generate a key entry (-genkey) , then use the (-certreq) to generate the pkcs10 request and submit that to your authority.

After receiving the response from the CA you import it to replace the self signed certificate with that one.

Read the documentaion carefully ;-)

http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html#CertChains

babakNa at 2007-7-15 16:20:30 >

Security New Topic