How to register iOS device when using self signed certificate with apple Server?
Hi,
I have installed the server.app by Apple and used a slef signed certificate for my server. Now I want to register my different devices (iMac, iPhone etc.). I could register the iMac without problesm (I just had to add my self signed certificate to the trusted certificates)
Sadly, with the iPhone it is not that easy. I can install the "trust profile", but still after that I can not register my device. It seems like it does not accept my self signed certificate for device registration. When adding a registration profile, I get the error "www._mydomain_.tld/devicemanagement/api/device/auto_join_ota_service" is not valid.
Nethertheless, I can install a profile with setting, e.g. my imap settings, via the profile management without problems.
Does anyone have an idea how to get around the problem with the self signed certificate?
Best regards
Try deleting the Server.app and download it again from the App Store, restart.
My Server is also using self signed certificates and is working with iOS device (Trust Profile needed first).
Similar Messages
-
How to use Self Signed certificate with SSLServerSocket?
Hello to all.
I'm trying to build a simple client/server system wich uses SSLSocket to exchange data. (JavaSE 6)
The server must have it's own certificate, clients don't need one.
I started with this
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
To generate key for the server and a self signed certificate.
To sum it up:
Create a new keystore and self-signed certificate with corresponding public/private keys.
keytool -genkeypair -alias mytest -keyalg RSA -validity 7 -keystore /scratch/stores/server.jks
Export and examine the self-signed certificate.
keytool -export -alias mytest -keystore /scratch/stores/server.jks -rfc -file server.cer
Import the certificate into a new truststore.
keytool -import -alias mytest -file server.cer -keystore /scratch/stores/client.jksThen in my server code I do
System.setProperty("javax.net.ssl.keyStore", "/scratch/stores/server.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "123456");
SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
SSLServerSocket sslServerSocket = (SSLServerSocket)sf.createServerSocket( port );
Socket s = sslServerSocket.accept();I am basically missing some point because I get a "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled." when I try to run the server.
Can it be a problem with the certificate? When using -validity <days> in keytool the certificate gets self-signed, so it should work if I'm not wrong.
I have also tried this solution
serverKeyStore = KeyStore.getInstance( "JKS" );
serverKeyStore.load( new FileInputStream("/scratch/stores/server.jks" ),
"123456".toCharArray() );
tmf = TrustManagerFactory.getInstance( "SunX509" );
tmf.init( serverKeyStore );
sslContext = SSLContext.getInstance( "TLS" );
sslContext.init( null, tmf.getTrustManagers(),secureRandom );
SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
SSLServerSocket ss = (SSLServerSocket)sf.createServerSocket( port );and still it doesn't work.
So what am I missing?You were right. I corrected the mistakes in the server code, now it's
private SSLServerSocket setupSSLServerSocket(){
try {
SSLContext sslContext = SSLContext.getInstance( "TLS" );
KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(_KEYSTORE), _KEYSTORE_PASSWORD.toCharArray());
km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
* Da usare con un truststore se serve autenticazione dei client
* TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
tm.init(ks);*/
sslContext.init(km.getKeyManagers(), null, null);
SSLServerSocketFactory f = sslContext.getServerSocketFactory();
SSLServerSocket ss = (SSLServerSocket) f.createServerSocket(_PORT);
return ss;
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
return null;
}and on the client code
private SSLSocket setupSSLClientSocket(){
try {
SSLContext sslContext = SSLContext.getInstance( "TLS" );
/* SERVER
KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
KeyStore clientks = KeyStore.getInstance("JKS");
clientks.load(new FileInputStream(_TRUSTSTORE), _TRUSTSTORE_PASS.toCharArray());
TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
tm.init(clientks);
sslContext.init(null, tm.getTrustManagers(), null);
SSLSocketFactory f = sslContext.getSocketFactory();
SSLSocket sslSocket = (SSLSocket) f.createSocket("localhost", _PORT);
return sslSocket;
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
return null;
}and added a System.out.println(sslSocket); after every incoming message (server side) and SSL is now fully working!
So my mistakes were:
[] Incorrect setup done by code
[] Incorrect and insufficient println() of socket status
Now that everything works, I've deleted all this manual setup and just use the system properties. (They MUST be set before getting the Factory)
SERVER SIDE:
System.setProperty("javax.net.ssl.keyStore", _KEYSTORE);
System.setProperty("javax.net.ssl.keyStorePassword", KEYSTOREPASSWORD);
SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslServerSocket = (SSLServerSocket) f.createServerSocket(_PORT);
CLIENT SIDE:
System.setProperty("javax.net.ssl.trustStore", "/scratch/stores/client.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "client");
SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket) f.createSocket(_HOST, _PORT);
And everything is working as expected. Thank you!
I hope my code will help someone else in the future. -
Does anyone know how to use a self signed certificate with apple mail??
Ive read about it in mail's help and tried to set it up according to it. Ive created a self-signed certificate but have no idea how to set it up as it would work with Mail so that i would be able to send signed messages. could anyone help me??
Hello rado:
Welcome to Apple discussions.
I am assuming this is what you read:
http://docs.info.apple.com/article.html?path=Mac/10.5/en/8916.html
If you follow the instructions when you set up the certificate, you should be fine.
Incidentally, most +"ordinary users"+ (like me) do not use this function. I am curious as to why you want to jump through hoops in your Mail application.
Barry -
Does using self-signed cert. on ISE server has anthing to do with url redirect being not working
Hi,
I am setting up wired ISE environment. Everything is going fine, except url redirect is not working.
I just wondering, if using self-signed certificate on ISE server has anothing to do with the problem ?.
Appreciate your input.
ThanksHi,
As long as you have not changed the hostname or the domain name (and dns is accurate). You should only receive the certificate warning but still get redirected without any issues.
Thanks,
Tarik Admani
*Please rate helpful posts* -
How to get the displayID when using X-window to access solaris server?
I want to get the displayID in my programme when use X-window to access solaris on the server,but i don't know which the API in java?Somebody can tell me?
Thanks.Try deleting the Server.app and download it again from the App Store, restart.
My Server is also using self signed certificates and is working with iOS device (Trust Profile needed first). -
How to use self-signed Certificate or No-Check-Certificate in Browser ?
Folks,
Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
[user@localhost bin]$ ./emctl start dbconsole
The command returns the output:
https://localhost.localdomain:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 11g Database Control ... ...
I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
The connection to localhost.localdomain: 1158 cannot be established.
[user@localhost bin]$ ./emctl status dbconsole
The command returns this message: not running.
[user@localhost bin]$ wget https://localhost.localdomain:1158/em
The command returns the output:
10:48:08 https://localhost.localdomain:1158/em
Resolving localhost.localdomain... 127.0.0.1
Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
Self-signed certificate encountered.
To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
Website certified by an Unknown Authority. Examine Certificate...
I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
In Authorities tab, there are a few names as indicated in the above output of wget.
My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
Thanks.Neither problem nor solution do involve Oracle DB
root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
This thread is OFF TOPIC for this forum. -
Hi,
I have got a theoretical question: Is it right to use self-signed certificate in production environment?
We don't want to use this cert. for authentication but for SSL decryption. Is this a good solution?
Thanks!
V.Hi Rick,
May be I was not completely clear in my wordings :)
VPN connection is not a mandate. The VPN connection already existed between our organization and the provider service (instead of going over the internet) and hence the security person in our organization was fine with us using self signed certificates.
I gave you a scenario where the use of self signed certs was authorized. And also once more scenario where using self signed certs in test environments is not allowed.
Two contrasting thoughts, so basically it is up to the perception of the security people to assess the risk and give a go ahead.
Personally I feel that if the communication channel is secure between the systems (2 way ssl) then using self signed certs for message encryption might be fine.
If the channel is not secured (may be even 1 way SSL), I would prefer using CA certified certs.
Hope I make more sense now :)
Thanks,
Patrick -
How to erase all self signed certificates and force Server to use Signed SSL
I have been using a poorly managed combination of self-signed SSL certificates and a free one. I have purchased a good SSL from Digicert and am trying to configure the server to use it across the board. All of the services seem to be using it, but when I try to manage the server remotely, I seeing a self-signed certificate instead.
I look under the system keychain in K-Access and there are several self signed certificates there (including the one that I am seeing when I try to remote manage).
Can I replace those self-signed certs with the new one some how?Don't delete those. However, you are on the right track. Follow these steps to resolve.
1: Launch Keychain Access
2: Select the System Keychain
3: Find the com.apple.servermgrd IDENTITY PREFERENCE (looks like a contact card) and double click to open it
4: In the Preferred Certificate popup, change com.apple.servermgrd to your purchased certificate
5: Press Save Changes to save.
6: Reboot the server or kill the servermgrd process to restart the service.
That should resolve your issue.
R-
Apple Consultants Network
Apple Professional Services
Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store -
How to install self-signed certificate with iOS 4?
I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here? -
How to use self-signed certificate to verify others certificate?
the self-signed certificate and keys acts as CA like VeriSign
alias =SelfSignCA
keystore = SelfSignLib
certificate = SelfSign.cer
certificate to be verify
alias = companyCA
certificate = companyLib
csr file = company.csr
how to use keytool to verify/sign the company certificate?thank you.Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
Not sure how relevant it will be for 11g, sorry :( -
Avoid an alert with using self-signed certificate
Hi
I want to publish a free product and I would like to use a free self-signed certificate
But during installing, the Adobe Exstension Manager shows an alert
Where is a way how to avoid this alert with using a self-signed certificate (I generated certificate with help of Adobe Exchange Packager) or I should only use a paid code-signed certificate?
Best regards
MaximAs I understund, "Show warning when instaling..." this option available only for end user in Exstantion manager, right? It means there is no way how to switch off this warning if I use ucf.jar tool for packing ZPX and an user uses default setting on this end. When, only one way is left - to buy a payed certificate, even for free product. Correct?
-
Flyspray email notification using self signed certificates
Hi all, I've been having an issue with flyspray sending notification emails through a SMTP server (running on localhost) which uses submission (port 587) and starttls with a self signed certificate. Whenever a notification would be sent I receive an error like the following:
Notice: Undefined property: Swift_Transport_StreamBuffer::$_sequence in /usr/share/webapps/flyspray/includes/external/swift-mailer/classes/Swift/Transport/StreamBuffer.php on line 236 Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /usr/share/webapps/flyspray/includes/external/swift-mailer/classes/Swift/Transport/StreamBuffer.php on line 102 Completely unexpected exception: Unable to connect with TLS encryption
This should never happend, please inform Flyspray Developers
For the time being I just disabled notification all together. But this is a pretty big problem for me as I would like to avoid having to come to the web to view bugs I'm working on. Eventually I will create my own personal CA and this problem will become a non-issue, but until the time comes I'd love a work around (preferably not too dirty if at all possible).
Thanks for the help.H Jerome,
The certificate may have been generated incorrectly but I would suggest logging
a support case.
Kind Regards,
Richard Wallace
Senior Developer Relations Engineer
BEA Support.
"Jerome Cahuzac" <[email protected]> wrote:
>
>
>
I want to enable HTTPS protocol with WebLogic Server 5.1
I want to use a self signed certificate generated with the JDK keytool.
I've successfuly generated it and exported a dummy.cer file.
I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
and I've got this exception
java.lang.NullPointerException:
at weblogic.security.RSAKey.toString(RSAKey.java:203)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.security.X509.toString(X509.java:261)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
Compiled
Code)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
at java.lang.Thread.run(Thread.java:479)
mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
What's the right way to do this ? -
MTLS using self-signed certificates
We have a Expressway-C and Expressway-E setup in labs. While setting up a secure (TLS) traversal zone between C and E, can we use self-signed certs instead of trusted CA certs? (Import the C self-signed cert on to E and vice-verse will suffice for MTLS?)
H Jerome,
The certificate may have been generated incorrectly but I would suggest logging
a support case.
Kind Regards,
Richard Wallace
Senior Developer Relations Engineer
BEA Support.
"Jerome Cahuzac" <[email protected]> wrote:
>
>
>
I want to enable HTTPS protocol with WebLogic Server 5.1
I want to use a self signed certificate generated with the JDK keytool.
I've successfuly generated it and exported a dummy.cer file.
I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
and I've got this exception
java.lang.NullPointerException:
at weblogic.security.RSAKey.toString(RSAKey.java:203)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.security.X509.toString(X509.java:261)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
Compiled
Code)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
at java.lang.Thread.run(Thread.java:479)
mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
What's the right way to do this ? -
Using self-signed certificates for HTTPS
I want to enable HTTPS protocol with WebLogic Server 5.1
I want to use a self signed certificate generated with the JDK keytool.
I've successfuly generated it and exported a dummy.cer file.
I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
and I've got this exception
java.lang.NullPointerException:
at weblogic.security.RSAKey.toString(RSAKey.java:203)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
at weblogic.security.X509.toString(X509.java:261)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java, Compiled
Code)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
at java.lang.Thread.run(Thread.java:479)
mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
What's the right way to do this ?
[dummy.cer]H Jerome,
The certificate may have been generated incorrectly but I would suggest logging
a support case.
Kind Regards,
Richard Wallace
Senior Developer Relations Engineer
BEA Support.
"Jerome Cahuzac" <[email protected]> wrote:
>
>
>
I want to enable HTTPS protocol with WebLogic Server 5.1
I want to use a self signed certificate generated with the JDK keytool.
I've successfuly generated it and exported a dummy.cer file.
I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
and I've got this exception
java.lang.NullPointerException:
at weblogic.security.RSAKey.toString(RSAKey.java:203)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.security.X509.toString(X509.java:261)
at java.lang.String.valueOf(String.java, Compiled Code)
at java.lang.StringBuffer.append(StringBuffer.java, Compiled
Code)
at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
Compiled
Code)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
at java.lang.Thread.run(Thread.java:479)
mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
What's the right way to do this ? -
Steps to create your own self signed certificate with java plugin working
You need two tools that comes with your jdk which are keytool and jarsigner.
Steps explain below in detail. Don't use netscape signtool, it will NEVER work!
* keytool -genkey -keyalg rsa -alias tstkey -keypass 2br2h2m -dname "cn=Test Object Signing Certificate, o=AI Khalil, ou=Java Products, c=AU"
cn = Certificate name
o = organistation
ou = organistation unit
c = country (first two letters)
If don't put the -dname, you can fill it line by line.
The -keypass has to be verify at the end, and you have to wait for it to create the rsa signing keys.
On NT by default it will put the alias information at D:\WINNT\Profiles\Administrator (if log in as administrator) with the default file called ".keystore". Windows 98 etc, don't know, search for .keystore
file. When you update it, check for the timestamp change and you know if you at the right spot.
You can store your alias information via the -storepass option to your current directory you work on, if you don't want to update the default .keystore file?
The .keystore contains a list of alias so you don't have to do this process again and again.
Another tip if you want your certificate encryption validity to be more than the default one month is simply
add the -validity <valDays>, after the -genkey option, to make your certificate usage for encryption to last much longer.
Note: You MUST use the -keyalg rsa because for starters the rsa encyption alogorthim is supported on ALL browsers instead of the default DSA and the other one SHA. Java plugins must work with the RSA algorthim when signing applets, else you will get all sorts of weird errors :)
Do not use signtool because thats a browser dependant solution!! Java plugin is supposed to work via running it owns jre instead of the browser JVM. So if you going to use netscape signtool, it starts to become a mess! ie certificate will install, but applet won't start and give you funny security exception errors :)
* keytool -export -alias tstkey -file MyTestCert.crt
It will read the alias information in the .keystore information picking up the rsa private/public keys info and
create your self sign certificate. You can double click this certificate to install it? But don't think this step is needed but maybe for IE? Someone else can check that part.
If you make a mistake with the alias, simply keytool -delete -v -alias <your alias key>
If not in default .keystore file, then simply keytool -delete -v -alias <your alias key> -keystore <your keystore filename>
* Put your classes in your jar file, my example is tst.jar.
* jarsigner tst.jar tstkey
Sign your testing jar file with your alias key that supports the RSA encryption alogorthim.
* jarsigner -verify -verbose -certs tst.jar
Check that its been verified.
The last step is the most tricky one. Its to do with having your own CA (Certified Authority) so you don't
have to fork out money straight away to buy a Verisign or Twarte certificate. The CA listing as you see in
netscape browsers under security/signers, is NOT where the plugin looks at. The plugin looks at a file called
CACERTS. Another confusion is that the cacerts file is stored in your jre/lib/security AND also at your
JavaSoft/Jre/<Java version>/lib/security. When you install the Java plugin for the first time in uses your
JavaSoft folder and its the cacerts file that has to be updated you add your own CA, because thats where
the plugin look at, NOT THE BROWSER. Everything about plugin is never to do with the browser!! :)
* keytool -import -file MyTestCert.crt -alias tstkey -keystore "D:\Program Files\JavaSoft\JRE\1.3.1\lib\security/cacerts"
Off course point to your own cacerts file destination.
Password to change it, is "changeit"
Before you do this step make a copy of it in its own directory in case you do something silly.
This example will add a CA with alias of my key called "tstkey" and store to my example destination.
* keytool -list -v -keystore "E:/jdk/jdk1.3/jre/lib/security/cacerts"
List to see if another CA is added with your alias key.
Your html, using Netscape embed and Internet explorer object tags to point to the java plugin,
your own self sign applet certificate should work
Cheers
Abraham KhalilI follow Signed Applet in Plugin, and it's working on
my computer. Thanks
But When I open my applet from another computer on
network, why it does not work ..?
How to make this applet working at another computer
without change the policy file ..?
thanks in advance,
AnomYou must install the certificate on that computers plugin. Can this be done from the web? can anyone suggest a batch file or otherwise that could do this for end users?
I want a way for end users to accept my cert as Root or at least trust my cert so I dont have to buy one. I am not worried about my users refusing to accept my cert. just how do I make it easy for them? IE you can just click the cert from a link, but that installs for IE, and not the plugin where it needs to be.
Maybe you are looking for
-
Ive tried deleting bonjour so far restarting my computer and such.
-
How SAP captured the RAW MAT amount from Local currency to JPY.
Hi All, I've class 1 material when perform maintained receipt found the RAW Mat material was posting wrong figure when convert from Local Currency RM to JPY. Exp: my RAW MAT amount is material standard price x qty. Let said my standard price is RM9.6
-
I have an older iMac and I am trying to get an update of iPhoto. Currently I have iPhoto 6.0.6. I thought it would automatically update to the newer versions of iPhoto when I upgraded to OS X? Do I have to purchase this as an extra? iPhoto '11 was
-
There's no reset button on my ipad
I want to reset my ipad for my kid, but there's no RESET button under GENERAL. Why is this and how do I factory reset
-
FSD Value getting rounded off in ECC
Hi Experts I am facing an issue at the time of transferring the FSD document from TM to ECC. My FSD has 3000 USD value (approx) but at the time when it goes to ECC this value gets converted to 30 USD only i.e. the Service PO & Service entry sheet g