Sunday, October 28, 2007

HTTPS configuration in JBoss/Tomcat

1. Create the keystore using keytool. This generates the private key and the public key.
2. Copy the private key. Get the security certificates from the commercial SSL certificate provider (like Verisign Inc.).
3. Import the certificates provided by the commercial vendor. Follow the sequence while importing: the site-specific certificate, the domain-specific certificate, and the root certificate. WHILE IMPORTING THE ROOT CERTIFICATE, use the option to override the public key that was generated while creating the keystore. Otherwise it won't work. We had a hard time with this problem and wasted almost 3/4 days.

-------------Sample Certification from Verisign------------

keytool -import -alias intermediateCA -keystore test.keystore -trustcacerts -file intermediateCA.cer

Enter keystore password: foobar

Owner: CN=VeriSign Trial Secure Server Test CA,
OU=Terms of use at https://www.verisign.com/cps/testca (c)05,
OU="For Test Purposes Only. No assurances.",
O="VeriSign, Inc.",
C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.",
C=US
Serial number: 63b1a5cdc59f78801da0636cf975467b
Valid from: Tue Feb 08 19:00:00 EST 2005
until: Sun Feb 08 18:59:59 EST 2015
Certificate fingerprints:
MD5: 8D:E9:89:DB:7F:CC:5E:3B:FD:DE:2C:42:08:13:EF:43
SHA1: D0:A5:BB:56:9E:CE:BE:B3:65:14:00:DE:BF:24:8B:A4:86:8C:7B:D8
Trust this certificate? [no]: yes
Certificate was added to keystore

keytool -import -alias test -keystore test.keystore -trustcacerts -file Cert.cer

Enter keystore password: foobar

keytool error: java.lang.Exception: Failed to establish chain from reply
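
keytool raises "Failed to establish chain from reply" when it cannot link the certificate reply to a self-signed root through the trusted entries it can see. The following is an added example, not code from the original post: it walks the Owner/Issuer lines that keytool prints and reports which issuer is absent. The site certificate's Owner, the shortened DNs and the function names are assumptions, and it compares names only, without verifying signatures.

```python
import re

# Constructed sample in `keytool -printcert` style. The CA names are the ones shown
# on this page with the OU fields dropped for brevity; the site certificate's
# Owner is a made-up placeholder.
INTERMEDIATE = """Owner: CN=VeriSign Trial Secure Server Test CA, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, O="VeriSign, Inc.", C=US"""
ROOT = """Owner: CN=VeriSign Trial Secure Server Test Root CA, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Test Root CA, O="VeriSign, Inc.", C=US"""
REPLY = """Owner: CN=www.example.test, O=Example, C=US
Issuer: CN=VeriSign Trial Secure Server Test CA, O="VeriSign, Inc.", C=US"""


def parse_cert(text):
    """Return (owner, issuer) from keytool's printed certificate text."""
    owner = re.search(r"^Owner:\s*(.+)$", text, re.M)
    issuer = re.search(r"^Issuer:\s*(.+)$", text, re.M)
    if not (owner and issuer):
        raise ValueError("no Owner/Issuer lines found")
    return owner.group(1).strip(), issuer.group(1).strip()


def trace_chain(reply_text, trusted_texts):
    """Walk issuer names from the reply up to a self-signed root.

    Returns (chain_of_owner_names, missing_issuer); missing_issuer is None when
    the chain is complete.
    """
    trusted = dict(parse_cert(t) for t in trusted_texts)  # owner -> issuer
    owner, issuer = parse_cert(reply_text)
    chain = [owner]
    while owner != issuer:                # a self-signed root ends the walk
        if issuer not in trusted:
            return chain, issuer          # this certificate is not in the keystore
        if issuer in chain:
            raise ValueError("issuer loop in chain")
        owner, issuer = issuer, trusted[issuer]
        chain.append(owner)
    return chain, None


if __name__ == "__main__":
    for label, store in (("intermediate only", [INTERMEDIATE]),
                         ("intermediate + root", [INTERMEDIATE, ROOT])):
        chain, missing = trace_chain(REPLY, store)
        print(label, "->", "complete" if missing is None else "missing: " + missing)
```

In practice the input text would come from `keytool -printcert -file <cert>` for each certificate file and `keytool -list -v -keystore test.keystore` for the entries already imported.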
