
Error Mutual Certificates Security

 
Vinicius D Barba
Hi...

I'm new to web services and I've tried for one week to create keystore.jks, cacerts.jks, server.cer and client.cer. I have done it, but when I run my ws_client I get this exception:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: WSS1852: KeyIdentifier value cannot be empty. Possible cause, certificate version being used does not support SubjectKeyIdentifier.

I used the keytool from Java 6 to create the certificate. I've seen on the web that this happens with v1 certificates.

Take a look at my files..


keytool -list -v -keystore client_keystore.jks


Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: client
Creation date: 03/03/2010
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=myhost.mine.nu, OU=myhost.mine.nu, O=Rastreamento de Veiculos, L=Curitiba, ST=PR, C=BR
Issuer: CN=myhost.mine.nu, OU=myhost.mine.nu, O=Rastreamento de Veiculos, L=Curitiba, ST=PR, C=BR
Serial number: 4b8eb3eb
Valid from: Wed Mar 03 16:09:31 GMT-03:00 2010 until: Tue Jun 01 16:09:31 GMT-03:00 2010
Certificate fingerprints:
MD5: 18:54:1B:FE6:79:51:30:61:55:C9:B9:19:BA7:5C
SHA1: E1:5A:1D:26:5B:FA:07:64:47:09:F8:0C:F0:A2:54:20:06:41:A4:3A
Signature algorithm name: SHA1withRSA
Version: 3


*******************************************
*******************************************



keytool -list -v -keystore keystore.jks

......

Alias name: s1as
Creation date: 17/06/2009
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Vinicius, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US
Issuer: CN=Vinicius, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US
Serial number: 4a38e833
Valid from: Wed Jun 17 09:57:23 GMT-03:00 2009 until: Sat Jun 15 09:57:23 GMT-03:00 2019
Certificate fingerprints:
MD5: B5:99:60:6A:6D:A2:BE:6F:11:AB:24:B2:77:85:84:A4
SHA1: EA:F4:42:1C:6B:9A:79:27:9D:0A:C2:564:4E:FA:18:81:63:EA:14
Signature algorithm name: SHA1withRSA
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 1D E4 00 0F C9 E8 8B DA 01 11 2E 25 B8 F8 71 B8 ...........%..q.
0010: A7 FF F7 79 ...y
]
]


I followed these steps:

1. Create a server directory
2. Create a client directory
3. Copy keystore.jks and cacerts.jks files from the glassfish/domain/domain1/config to server directory


Change to client directory
4. keytool -genkeypair -keyalg RSA -alias client -keypass changeit -storepass changeit -keystore client_keystore.jks
5. keytool -exportcert -alias client -keystore client_keystore.jks -storepass changeit -file client.cer
6. keytool -importcert -v -trustcacerts -alias client -keystore server/cacerts.jks -keypass changeit -file client.cer

Change to server directory
7. keytool -exportcert -alias s1as -keystore keystore.jks -storepass changeit -file server.cer

Change back to client directory
8. keytool -importcert -v -trustcacerts -alias s1as -keystore client_cacerts.jks -storepass changeit -keypass changeit -file server/server.cer

9. Copy cacerts.jks and keystore.jks files from server directory to GLASSFISH_DIR/domains/domain1/config.

10. Start glassfish


Even after all these steps and using v3 certificates, I have that exception.
I'd really appreciate some help...

Thanks...
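
An added example, not part of the original post: a small Python parser for `keytool -list -v` output that reports, per alias, the certificate version and whether the SubjectKeyIdentifier extension (OID 2.5.29.14) named in the WSS1852 message is present. The sample input is abbreviated from the two listings above; the function names are hypothetical and English-locale keytool output is assumed.

```python
import re

SKI_OID = "2.5.29.14"  # X.509 SubjectKeyIdentifier extension

# Sample input: abbreviated from the two listings in the post above.
SAMPLE_LISTING = """\
Alias name: client
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=myhost.mine.nu, OU=myhost.mine.nu
Version: 3

Alias name: s1as
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Vinicius, OU=Sun Java System Application Server
Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
"""

def audit_listing(text):
    """Map alias -> {"version", "has_ski"} for the first certificate of each entry."""
    report, current, first_cert = {}, None, True
    ski_line = re.compile(r"#\d+: ObjectId: " + re.escape(SKI_OID) + r"\b")
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Alias name:\s*(.+)", line):
            current = report.setdefault(m.group(1), {"version": None, "has_ski": False})
            first_cert = True  # trusted-cert entries print no "Certificate[n]:" header
        elif current is None:
            continue  # keystore header lines before the first alias
        elif m := re.match(r"Certificate\[(\d+)\]:", line):
            first_cert = m.group(1) == "1"  # ignore issuer certs further up a chain
        elif first_cert and (m := re.match(r"Version:\s*(\d+)", line)):
            current["version"] = int(m.group(1))
        elif first_cert and ski_line.match(line):
            current["has_ski"] = True
    return report

def aliases_missing_ski(text):
    """Aliases whose own certificate carries no SubjectKeyIdentifier extension."""
    return sorted(a for a, info in audit_listing(text).items() if not info["has_ski"])

if __name__ == "__main__":
    for alias, info in audit_listing(SAMPLE_LISTING).items():
        status = "present" if info["has_ski"] else "MISSING"
        print(f"{alias}: version={info['version']} SubjectKeyIdentifier={status}")
```

On the sample, both entries report version 3, but only `s1as` lists the extension; the `client` listing has no Extensions section at all.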


 