Problem importing java generated certificates into windows and browsers.
Posted By:   Andre_L
Posted On:   Tuesday, September 23, 2003 07:09 AM


Hi,

I have a problem with importing certificates into my browser that were
generated with the keytool and from my own Java code. I am really lost
and any help is appreciated.

What I want to do is:

1. Use client authentication in a web application

2. Generate client certificates automatically, so
if I add a user to the system, some Java code generates
the certificate for me, which I can then import into the
client's browser.



Here is what I did so far:

1. Generate my own root certificate

keytool -genkey -keyalg RSA -keystore ca.keystore -validity 300 -alias ca
keytool -selfcert -alias ca -keystore ca.keystore
keytool -export -alias ca -keystore ca.keystore -file ca.cer



2. Import the ca.cer file into Windows or browser applications as a trusted authority

-> works without problems

3. Generate client certificates through Java

KeyStore keystore = KeyStore.getInstance( "JKS");
keystore.load( new FileInputStream("config/ca.keystore"),"password".toCharArray());

Certificate caCert = keystore.getCertificate("ca");

PrivateKey caPrivateKey = (PrivateKey)keystore.getKey("ca","password".toCharArray());

/*
* generate certificate for user
*/
KeyPairGenerator kpgen = KeyPairGenerator.getInstance("RSA");
kpgen.initialize(1024);
KeyPair keypair = kpgen.generateKeyPair();

X509V3CertificateGenerator x509gen = new X509V3CertificateGenerator();
x509gen.setSerialNumber( BigInteger.valueOf(sr.nextLong()) );
x509gen.setNotBefore( from );
x509gen.setNotAfter( to );
x509gen.setSubjectDN(new X509Name("CN="+username+", OU=Fachbereich Informatik, O=HAW Hamburg, L=Hamburg, ST=Hamburg, C=de"));
x509gen.setIssuerDN(new X509Name("CN=ca, OU=Fachbereich Informatik, O=HAW Hamburg, L=Hamburg, ST=Hamburg, C=de"));
x509gen.setSignatureAlgorithm("MD5WithRSAEncryption");
x509gen.setPublicKey( keypair.getPublic() );
X509Certificate cert = x509gen.generateX509Certificate( caPrivateKey );

OutputStream os = new FileOutputStream("i:\\"+username+".cer");
Writer wr = new OutputStreamWriter(os, Charset.forName("UTF-8"));
wr.write("-----BEGIN CERTIFICATE-----\n");
wr.write(new sun.misc.BASE64Encoder().encode(cert.getEncoded()));
wr.write("\n-----END CERTIFICATE-----\n");
wr.flush();
os.close();

4. Import file into browser

Does not work (neither Internet Explorer, Opera, Firebird)

Error messages:

Windows/IE: something like issuer for this certificate could not be found

Opera: no matching private key found

Firebird: complains that the certificate is corrupt or not pkcs12 or password wrong



I then tried to change the keystore type to pkcs12, but it wasn't possible, because it is not
supported by the keytool.

Like I said, I am lost and I really don't know what else to do.

Best regards,

andre

PS: I am doing all this stuff on one machine right now, that's why I haven't posted
anything about separate client/server certificate deployment.

Re: Problem importing java generated certificates into windows and browsers.

Posted By:   pankaj_kumar  
Posted On:   Thursday, October 2, 2003 12:20 PM

Check out certtool and crypttool of open source JSTK. The sources are available at http://www.j2ee-security.net/book/dnldsrc/

A user guide can be found by following the appropriate link at http://www.j2ee-security.net/book/viewsource.php

Pankaj Kumar,


Author, J2EE Security ...
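
An added example, not code from either poster or from JSTK: it writes a PKCS#12 file holding the user's private key together with the certificate chain, which is the form browsers import for client authentication, where a bare .cer carries only the certificate. It assumes Bouncy Castle's bcprov and bcpkix jars on the classpath; the freshly generated CA key pair, the names, the `alice` alias, the `alice.p12` file name and the `changeit` password are constructed stand-ins, and SHA-256 with 2048-bit RSA is used in place of the post's MD5 and 1024-bit keys.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class ClientP12 {
    // Issues a certificate for subjectKey, signed with issuerKey, valid for 300 days.
    static X509Certificate issue(X500Principal issuer, PrivateKey issuerKey,
            X500Principal subject, PublicKey subjectKey, boolean isCa) throws Exception {
        Date from = new Date();
        Date to = new Date(from.getTime() + 300L * 24 * 60 * 60 * 1000);
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(issuer,
                new BigInteger(64, new SecureRandom()), from, to, subject, subjectKey);
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpgen = KeyPairGenerator.getInstance("RSA");
        kpgen.initialize(2048);
        // Constructed stand-in for the "ca" entry the post loads from ca.keystore.
        KeyPair caKeys = kpgen.generateKeyPair();
        X500Principal caName = new X500Principal("CN=ca, O=Example");
        X509Certificate caCert = issue(caName, caKeys.getPrivate(), caName, caKeys.getPublic(), true);

        KeyPair userKeys = kpgen.generateKeyPair();
        // Issuer name is read from the CA certificate, not retyped, so the encodings are identical.
        X509Certificate userCert = issue(caCert.getSubjectX500Principal(), caKeys.getPrivate(),
                new X500Principal("CN=alice, O=Example"), userKeys.getPublic(), false);
        userCert.verify(caCert.getPublicKey()); // throws unless signed by the CA key
        // PKCS#12 entry = private key + chain (user certificate first, then the CA).
        char[] pw = "changeit".toCharArray(); // placeholder password
        KeyStore p12 = KeyStore.getInstance("PKCS12");
        p12.load(null, null);
        p12.setKeyEntry("alice", userKeys.getPrivate(), pw, new Certificate[] { userCert, caCert });
        try (FileOutputStream out = new FileOutputStream("alice.p12")) {
            p12.store(out, pw);
        }
    }
}
```

The resulting file contains the user's private key, so it needs the same handling as any other credential: a per-user password and a protected channel to the client.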