Hi...
I'm new with webservices and i've tried for one week to create keystore.jks, cacerts.jks, server.cer and client.cer. I have done it, but when i run my ws_client i have this exception:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WSS1852: KeyIdentifier value cannot be empty. Possible cause, certificate version being used does not support SubjectKeyIdentifier.
I've used keytool of
java 6 to create the certificate, I've seen on the web that it happens with v1 certificate.
Take a look at my files..
keytool -list -v -keystore client_keystore.jks
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: client
Creation date: 03/03/2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=myhost.mine.nu, OU=myhost.mine.nu, O=Rastreamento de Veiculos, L=Curitiba, ST=PR, C=BR
Issuer: CN=myhost.mine.nu, OU=myhost.mine.nu, O=Rastreamento de Veiculos, L=Curitiba, ST=PR, C=BR
Serial number: 4b8eb3eb
Valid from: Wed Mar 03 16:09:31 GMT-03:00 2010 until: Tue Jun 01 16:09:31 GMT-03:00 2010
Certificate fingerprints:
MD5: 18:54:1B:FE:D6:79:51:30:61:55:C9:B9:19:BA:D7:5C
SHA1: E1:5A:1D:26:5B:FA:07:64:47:09:F8:0C:F0:A2:54:20:06:41:A4:3A
Signature algorithm name: SHA1withRSA
Version: 3
*******************************************
*******************************************
keytool -list -v -keystore keystore.jks
......
Alias name: s1as
Creation date: 17/06/2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Vinicius, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US
Issuer: CN=Vinicius, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US
Serial number: 4a38e833
Valid from: Wed Jun 17 09:57:23 GMT-03:00 2009 until: Sat Jun 15 09:57:23 GMT-03:00 2019
Certificate fingerprints:
MD5: B5:99:60:6A:6D:A2:BE:6F:11:AB:24:B2:77:85:84:A4
SHA1: EA:F4:42:1C:6B:9A:79:27:9D:0A:C2:56:D4:4E:FA:18:81:63:EA:14
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1D E4 00 0F C9 E8 8B DA 01 11 2E 25 B8 F8 71 B8 ...........%..q.
0010: A7 FF F7 79 ...y
]
]
I followed these steps:
1. Create a server directory
2. Create a client directory
3. Copy keystore.jks and cacerts.jks files from the glassfish/domain/domain1/config to server directory
Change to client directory
4. keytool -genkeypair -keyalg RSA -alias client -keypass changeit -storepass changeit -keystore client_keystore.jks
5. keytool -exportcert -alias client -keystore client_keystore.jks -storepass changeit -file client.cer
6. keytool -importcert -v -trustcacerts -alias client -keystore server/cacerts.jks -keypass changeit -file client.cer
Change to server directory
7. keytool -exportcert -alias s1as -keystore keystore.jks -storepass changeit -file server.cer
Change back to client directory
8. keytool -importcert -v -trustcacerts -alias s1as -keystore client_cacerts.jks -storepass changeit -keypass changeit -file server/server.cer
9. Copy cacerts.jks and keystore.jks files from server directory to GLASSFISH_DIR/domains/domain1/config.
10. Start glassfish
Even after all these steps and using v3 certificates, I have that exception.
I'd appreciate so much for some help...
Thanks...