• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

RMI - SSL - VeriSign Certificates

 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Greetings,
I have implemented the RMI over SSL. I have been using these lines to generate the keystores and keys necessary for the application to run:
keytool -genkey -v -keyalg RSA -keystore server.keystore -dname "CN=Server, OU=Bar, O=Foo, L=Some, ST=Where, C=UN"
keytool -genkey -v -keyalg RSA -keystore client.keystore -dname "CN=Client, OU=Bar, O=Foo, L=Some, ST=Where, C=UN"
keytool -export -rfc -keystore server.keystore -alias mykey -file server.public-key
keytool -export -rfc -keystore client.keystore -alias mykey -file client.public-key
keytool -import -alias client -keystore server.keystore -file client.public-key
keytool -import -alias server -keystore client.keystore -file server.public-key
Instead of generating these from a sample certificate, I would like to use the VeriSign certificates that come with the respective servers. Does anyone know how I might retrieve the public keys from these certificates?
Thanks,
-Mike
 
Author
Posts: 80
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Mike,
You have essentailly created self-signed certificates for the client and server in their respective keystores. You have also exported the server's certificate and imported that into client's keystore and vice-versa. The public keys are part of the certificate but what you export and import are certificates and not public keys.
If you want to use a well-known CA issued certificates then you will simply have to get certificates signed by them. Keep in mind that this process requires access to the private key of the CA and you will not get that. Retrieving the public key from VeriSign's CA certificate will solve no problem.
/Pankaj.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic