Keytool with SKI

Similar Messages

• Web Service (SSL) and certificates (keytool) with INternet Explorer

  Hi,
  Followed this steps http://www.grallandco.com/blog/archives/2006/10/using_htts_with.html to have a secure SSL WEb service (with client authorization).
  Tested from Jdeveloper it worked O.K.
  Now I would like to test it with Internet explorer, but now server ask for certificate before internet show parameters page to invoke Web Service.
  I generated self signed certificates and keystore using keytool. (This keystore is used by the OC4J and my proxy client).
  Imported this certificate (.cer) to internet explorer succesfully, but when access URL for the web service (https) internet does not show this certificate to use it, so failed to connect...
  keytool certificates could be used by INternet explorer for this purposes?, what am I doing wrong?
  Thanks
  J.

  Hi,
  I already configured HTTPS - client authenticate for OC4J, and you can work with follow step:
  1: Create keystore for OC4J by java keytool
  2: Using openssl to create certificate for your server (privatekey, certificate)
  3. Using keytool to import your server's certificate (2) to keystore (1)
  4. Generate client certificate (4)
  5. Sign on client certificate (4) by privatekey and server certificate (20
  6. Import client certificate to windows - (should create keystore with format pkcs12)
  You can using "Java Certificate Services" to help you create keystore with multi format or sign cert....
  Rgs

• How do we create certificate with .pem extension using keytool

  Hai all,
  please tell me the procedure to create certificates using keytool with .pem extension.

  I dont think keytool can do this, try OpenSSL:
  openssl pkcs12 -in test.p12 -out test.pem
  David

• Keytool generated keys portable to other platforms?

  I generated asymmetric keys using Java Keytool on Windows NT. Are the keys portable to Unix ? Also, can programs like Perl, ASP read these keys? Thank you.

  This is not completely correct. Key tool does not allow export of
  private keys. It is a real drag for developers.You no need to export anything. BTW, PKCS#12 keystore could be created by using keytool with appropriate JCE provider with PKCS#12 support. Then you can open it on other platform, that supports PKCS#12 (i.e. mozilla or msie web browsers can do it). For more detail on PKCS#12 refer to OpenSSL PKCS#12 FAQ. http://www.drh-consultancy.demon.co.uk/pkcs12faq.html

• Configuring BI Publisher with BI Server on SSL

  I am trying to configure BI Publisher 10.1.3.4 with a BI Server that is configured in SSL.
  The options we have for appending the connection string are:
  <Property Name>:= <Catalog>|<User>|<Password>|<SSL>|<SSLKeyStoreFileName> |<SSLKeyStorePassword>|<TrustAnyServer>|<TrustStoreFileName >|<TrustStorePassword>|<LogLevel>|<LogFilePath>|<PrimaryCCS>|<PrimaryCCSPort>| <SecondaryCCS>|<SecondaryCCSPort>
  eg:ssl=true;sslKeystorefilename=<path and filename of keystore>;sslKeystorepassword=<password of keystore and key>;trustanyserver=true;
  How should we configure this if we do not have a keystore on BI Server with SSL.
  We only have a cacert.pem,server-req.pem,server-cert.pem,server-key.pem,serverpwd.txt and cacert.pem..

  We have got the solution for this issue.
  We need to generate a certificate thro a keytool with a Distinguished Name associated with it.
  Certifying it with self cert of keytool and import the certified certificate into the jave a keystore cacerts and modifying the web site that directs the url to the Publisher Application.
  Steps below:
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -genkey -keyalg RSA -keystore sslfile -storepass obiee123 -alias testalias5
  What is your first and last name?
  [Unknown]: shravan
  What is the name of your organizational unit?
  [Unknown]: unit
  What is the name of your organization?
  [Unknown]: Org
  What is the name of your City or Locality?
  [Unknown]: BU
  What is the name of your State or Province?
  [Unknown]: MA
  What is the two-letter country code for this unit?
  [Unknown]: US
  Is CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US correct?
  [no]: yes
  Enter key password for <testalias>
  (RETURN if same as keystore password):
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -selfcert -keystore sslfile -storepass obiee123 -alias testalias
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -list -keystore sslfile -rfc
  Enter keystore password: obiee123
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 1 entry
  Alias name: testalias
  Creation date: Dec 31, 2008
  Entry type: keyEntry
  Certificate chain length: 1
  Certificate[1]:
  -----BEGIN CERTIFICATE-----
  MIICMDCCAZkCBElbp/wwDQYJKoZIhvcNAQEEBQAwXzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1B
  MQswCQYDVQQHEwJCVTEUMBIGA1UEChMLT3JhY2xlIENvcnAxEDAOBgNVBAsTB1N1cHBvcnQxDjAM
  BgNVBAMTBUJpbmR1MB4XDTA4MTIzMTE3MTIyOFoXDTA5MDMzMTE3MTIyOFowXzELMAkGA1UEBhMC
  VVMxCzAJBgNVBAgTAk1BMQswCQYDVQQHEwJCVTEUMBIGA1UEChMLT3JhY2xlIENvcnAxEDAOBgNV
  BAsTB1N1cHBvcnQxDjAMBgNVBAMTBUJpbmR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL
  yBssKV4mneXMpvIJbAdlVUe2PkWTKYNjs52mEa6a05kbgUstvtL1OAMErycLZUwe4I0q/PKEKZ6K
  4e3AITnUugeHBIxki62DIZcMpHq5NgbqKuEFboBZJeRZgTy61aBfEWIclWpUi0BblXpUZCv0KYAV
  QgSVh71QDJJGyUjTgwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAHNnUcwia4abj5pJ97uPtbtiKB4b
  6Yx6G/RDf67jwThvvOHgYBo9ue+4s+VXAoNXp7NwFlLTvv0OopSq8IQvQyFy/cTpqYMT4In0t+u+
  0VaKXeL+sMwi3wRYI0RYbMy6NwxGLekjEHLaZa4IXoR8koD69TJLwXk92h48vnLI3YnB
  -----END CERTIFICATE-----
  C:\OracleBI\oc4j_bi\j2ee\home\config>keytool -export -alias testalias -keystore sslfile -file myfile.crt
  Enter keystore password: obiee123
  Certificate stored in file <myfile6.crt>
  C:\OracleBI\oc4j_bi\j2ee\home\config>
  C:\Program Files\Java\jdk1.5.0_14\jre\lib\security>keytool -import -trustcacerts -alias testalias6 -file myfile6.crt -keystore cacerts -storetype JKS
  Enter keystore password: changeit
  Owner: CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US
  Issuer: CN=shravan, OU=unit, O=Org, L=BU, ST=MA, C=US
  Serial number: 495ba7fc
  Valid from: Wed Dec 31 10:12:28 MST 2008 until: Tue Mar 31 11:12:28 MDT 2009
  Certificate fingerprints:
  MD5: 14:B5:82:73:8B:9F:DF:D5:8D:BF:69:A8:DC:AA:E1:43
  SHA1: 4E:8B:34:8D:76:BE:83:81:CF:3E:9F:5D:6C:C0:44:55:6B:58:71:81
  Trust this certificate? [no]: yes
  Certificate was added to keystore
  Also modify the web-site on j2ee/home/config and server.xml appropritately to access the site on https.
  secure-web-site shld be appended with : port=4443, protocol=http, secure="true"
  server.xml shld be added with this secure-web-site to make the app work on SSL...

• How to create manual key for AES with 256 key size

  we are just finding Different Approch for secure Key Genration and Store.
  For security purpose which way would be secure to store key in database and retrive that key.
  And can u tell me how to create secure maual key.
  Database user has access they should not able to find the what key we are using .
  Anybody has idea.

  1) Use 'keytool' with option -genseckey
  2) Use SecureRandom and store in a Java Keystore.
  3) Use a Secure Random with something like http://www.strongkey.org/
  4) Use hardware encryption such as produced by nCipher and others.
  There are many other approaches and I would suggest that you bring in an expert to advise you.

• Problem connecting to HTTPS host with self signed certificate

  I have set up a tomcat server with SSL running in a vmware on my machine using a self signed certificate. I can connect to this no problem with a browser from my main machine with the url https://myserver:8443.
  However, I am not able to connect with a Java client. I always get the below exception. I read that I need to add it as a trusted certificate in the keystore. I went to the site with firefox and saved the certificate as a .cer file, and imported it into the default keystore at c:\users\louis\.keystore. I still have the same problem. I think the problem is the client is not using the keystore, and I don't know how to make it do so. I tried adding the following argument to the run command:
  -Djavax.net.ssl.trustStore=c:\users\louis\.keystore -Djavax.net.ssl.trustStorePassword=changeit
  but it doesn't help.
  Here is the exception I'm getting:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
       at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
       at Test.main(Test.java:39)
  Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
       ... 12 more
  Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
       at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
       ... 18 more

  I have worked around this problem by configuring the Java client to trust all certificates and disabling hostname verification. That way I don't need a trust store. I'll just have to remove that code in production. Not ideal since I'd rather have certificate/hostname verification working for testing, but it works at least.
  I have looked at the Java security documentation and as far as i can tell a keystore and trust store is still basically the same type of file and created the same way with the keytool. The difference is when you import a cert you use the -trustcacerts option. The client 'keystore' is only being used to store the trusted cert, so it essentially is a trust store. This is documented in the keytool doc for the command -importcert.
  http://download.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html
  I actually think my problem is more to do with the hostname, since my server doesn't have a real domain hostname like www.myserver.com. I am just using the machine name for the host, although web browsers do not have a problem with this. When I set my java client to trust all certs, I was getting the following error:
  java.io.IOException: HTTPS hostname wrong
  Disabling hostname verification fixed this, so I'm wondering if my cert has the wrong hostname. I originally created the self signed cert using the keytool with the command -genkey, which creates a key pair and also a self signed cert. I looked at the keytool docs, and I don't see any way of specifying the hostname or even seeing what the host name of a cert is. What does it put as the hostname by default? The IP address or machine name, or am I understanding this wrong?

• SSL handshake failed: X509CertChainIncompleteErr - How to call secure WS?

  Hi all, I'm trying to use a third party web service over SSL. I'm using jdk 1.5.0_11 and jDev 10.1.3.0.4.
  Here is what I've done so far:
  1 - I generated a web service proxy using jDev's wizard.
  2 - I created a simple keystore with keytool with the following cmd:
  keytool -genkey -keystore techdspc.keystore -storepass ****** . I copied the .keystore file in my project under the src directory.
  3 - I used the wizard "Secure Proxy" on my web service with the following options:
  - "Use x509 to authenticate"
  - I specified my newly created keystore file as the keystore path as well as the password.
  - I left the default choice to all the other options.
  Once the files were all created by the wizard, I tried out the proxy and got the following error:
  ATTENTION: Unable to connect to URL: https://test.eai.adpclaims.com/WSProxy/WS_Proxy.asmx due to java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
  java.rmi.RemoteException: ; nested exception is:
       HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: javax.net.ssl.SSLException: SSL handshake failed: X509CertChainIncompleteErr
       at audatex3.runtime.WSProxySoap_Stub.transmit(WSProxySoap_Stub.java:679)
       at audatex3.WSProxySoapClient.transmit(WSProxySoapClient.java:83)
       at audatex3.WSProxySoapClient.main(WSProxySoapClient.java:43)
  The owner of the Web Service told me that the error is without a doubt on the proxy side. Si my question is: What am I doing wrong?
  Your help will be greatly appreciated.
  thanks!

  I tried generating an other keystore with a slightly different cmd and I still get the same error so this does not seem to be the problem...
  Any ideas?¸
  Thanks

• Unable to get SSL + Tomcat working correctly

  Hi All,
  Issue: Enabled SSL on Tomcat. First HTTPS request to JSP works, all HTTPS requests to JSPs after the first request fail (sever not found - page cannot be displayed error). The error does not get logged in the log files. The same JSPs work fine with HTTP.
  Background info:
  1. Installed Tomcat 4.1.24
  2. Installed J2sdk1.4.1_01 (includes JSSE)
  3. Created a .keystore using keytool
  With the default .keystore the HTTPS requests to JSPs work fine.
  4. Imported the server cert (given by our internal security folks) using
  keytool -alias key skey - import -file server.crt.der
  Upon accessing the JSPs using HTTPS. I am getting an error: Could'nt find trusted certs.
  5. I also imported the CA cert into .keystore using
  keytool -alias cakey -import -file ca.crt.der - trustcacerts
  I still get the error: Couldnt find trusted certs.
  Could any one please help me figure out why I am getting this error.
  NOTE: I had to convert the certs (given by our internal security folks) from pkcs12 format to x509 and I had used Openssl 0.9.6g for that.
  Thank you,
  -Bala

  Okay, my post did not fully qualify why
  I suggested explicitly locating your keystore
  file.
  The tomcat source uses:
  private String keystoreFile =
  System.getProperty("user.home") + File.separator + ".keystore";
  to identify the location of the keystore file.
  A simple java program that echo's the user.home property will
  tell you exactly where tomcat is looking for the keystore. Often
  it is easier to explicitly locate the keystore file so you can
  run the tomcat process from your developer user and you know
  exactly which keystore you're using.
  If you look at the SSLServerSocketFactory code in the tomcat/catalina
  source you can see how it derives the values for parameters it
  uses to configure the SSL socket.
  -Steve

• Trying to Understand Interfaces

  Hi all,
  As you might expect, I am new to JAVA. I have read the basics tutorial on interfaces and also the object oriented programming basics tutorial. I understand that you can't implement methods or variables in interfaces, etc. Here is what I am struggling with:
  A friend has written a class that uses the JNDI classes to query an LDAP service for person information and update database information. I notice that the query returns an object of type NamingEnumeration. But this is an interface, not a class. When he gets the items/elements from the Enumeration, he uses a (Attributes) to cast the results to their proper type.
  So, if I am writing a class and want to implement the NamingEnumeration interface over my class... and if I want to retrieve that class by its NamingEnumeration interface, rather than its actual class...how would I create a method that does this.
  My first attempt at creating this class went like this:
  public class DocumentEnumeration extends DocumentCollection implements NamingEnumeration
  If I called the .next method of my class, I would return a type Document. So far I don't know how to retrieve this DocumentEnumeration as a NamingEnumeration, and I received an error in my IDE about the constructor with arguments () is not visible. I did not understand this error either.
  Any help would be appreciated,
  Jeff

  DrClap's responses are all correct and to the point. Let me add a preface. Forget everything you've read, close your eyes and say "interfaces are dead simple!" about a hundred times. They are.
  An interface is a bundle of related capabilities. For example, I am a male homo sapiens (my class). I ski and play tennis - these are things I can do. As a Skier I have methods like buckleBoots(), getOnLift(), getOffLift() and skiDownHill(). All skiers implement these methods.
  TennisPlayers implement a different set of methods: serve(), volley() and so on. Some TennisPlayers may also implement Skier and some Skiers may implement TennisPlayer, but if an object of class LiftAttendant is going to call our getOnLift() method, it doesn't care about serve() or volley(). It knows that we have the handful of methods that concern LiftAttendants.
  Note that many different classes can implement an interface. Certainly some female homo sapiens implement Skier. I've also seen some apes and hot dogs implementing Skier.
  The Runnable interface defines just one method: public void run(). A Runnable is any class that claims it implements Runnable. If the class declaration claims that it implements Runnable, the compiler won't generate a .class file unless the class defines a public void run() method. When you pass a Runnable to a Thread, the Thread knows exactly one thing about the Runnable, that it has a public void run() method which the Thread can call after it is started. The Thread has no clue what it might be running, but because the object is a Runnable it can correctly call whatever.run().
  Why might a well-written method return an Interface type, not a class? Generality. The LiftAttendant need only know that an object has a getOnLift() method. So anything the implements Skier will be fine for the LiftAttendant.
  So an interface defines a set of methods (as few as one) that, taken together, constitute a capability. A class that implements these methods can claim to implement the interface, and other objects that care about that capability can say they work with Skier, or Runnable or whatever, so that they can handle lots of different things, not worrying about all the other things their Objects might implement or be.
  Very simple. Very powerful.

• Unsupported key type: Sun DSA Public Key

  Hi all,
  Does anyone know how to use the SHA1withDSA algorithm with WSS4J/Axis?
  When using a private key generated by keytool with type DSA, I get the errors:
  org.apache.ws.security.WSSecurityException: Cannot encrypt data
  Caused by: java.security.InvalidKeyException: Unsupported key type: Sun DSA Public Key
  It seems I have to generate the key using type RSA.
  Regards,
  Alex
  Edited by: ao on 2012-mar-12 12:53

  DSA (Digital Signature Algorithm) keys, by definition, can only be used for digital signature and not for encryption. As EJP suggested, you must use the RSA key-type and the SHA1withRSA - I would recommend using SHA256withRSA - construct to enable message-confidentiality.
  Arshad Noor
  StrongAuth, Inc.

• Timestamping the certificate

  Is it possible to add a timestamp when I'm creating new signed applet.
  There is a problem with the signing that after the validity period there is a warning message that the certificate is out of the date. (I never want this warning dialog, I'm signing the applet when the certificate is valid!)

  Supposedly, you can specify the number of days that a cert should be valid. If you don't specify, it uses the default - which is probably what it got when it was originally created.
  When you are running keytool with the '-genkey' option you should be able to also use the '-validity' option which is a number of days for the cert to be valid. Don't know what the upper limit is. Perhaps try a huge number. It might just blow out the genkey if it is beyond is valid range of values.

• Moving files to icon at bottom of clip bin to avoid rendering files?

    I was talking to tech support about another issue. The tech guy showed me a cool feature new to cs5. You take hd clips or others in the clip bin and drag them to the page icon at bottom of clip bin (2nd from right of magnifying glass). The clip gets a yellow line on its top and is transformed to fit your timeline so you don't have to render the raw clips. My confusion is that I do this with the first clip and it goes to the time line. But when i do another clip, it erases the previous clip off the timeline and it alone is there. On the top of the timeline are folder tabs with the names of all the clips i have processe this way. If i click on the tabs, the clip appears on the timeline but i can only get one at a time to stay there.  I am new to cs5 and am trying to figure this out. Any help is appreciated.. thanks! Tucson Skiman

  hi ann...
  the new camera is just a basic little 350 buck sony that is palm size.. it
  takes amazing quality video for such a small camera... it is perfect for my
  skiing and river rafting trips (which is what my company does) because it is
  very simple.. there is no disc drive to break... all the clips go to a flash
  card... it is perfect for what i do...
  the old footage is basic avi stuff shot with a helmet cam and sent to an
  older sony camcorder which is dv tape device.  It is not hi def, but i
  capture some truly great stuff with that camera. it is on my head and i ski
  behind really good skiers, following them at @ 5 feet. it is a real wide
  angle lense, so you have to be pretty close. But the images i have been able
  to capture for my movies over the past 7 years are really awesome... the end
  result is a ski movie about 40 minutes long with skiing , some comedy skits,
  some river and biking trip footage, and visits to European and South
  American destinations non-skiing.
  If you would like to see what i have done in the past, please go to
  www.morningstarskitours.com
  which is the site of my business. on the home page, click on the VIDEOS
  link... There are some really beautiful places to see there.  I think I
  would point you to my two favorites:  Alsek River , Alaska video and my
  Alaska Heli Skiing video.... They are about 3 minutes long each.. i think
  they will give you an idea of what i do with my movies...
  Cheers! Would love to hear your opinion on my movies.. always appreciate
  input!
  dan the ski man / president/ Morningstar Ski Tours

• New To SSL

  I have a client/server application (Not HTTP) that uses sockets to communicate with each other. Ports are opened and objects are passed from the client to the server and vise versa. I have successfully converted the application to use SSL by following the very simple example in the Java Secure Socket Extension Reference Guide. It appears that the application only works when I create a keystore and truststore; and the client and the server are initiated with the keystore and truststore options (-Djavax.net.ssl.trustStore=, -Djavax.net.ssl.keyStore=, -Djavax.net.ssl.keyStorePassword=).
  My question is: Why does the client application need anything? Again, I'm a novice with SSL. I have been doing web development for years and have created public/private keys with a CA signed certificates, and the source (a web-browser) never needs anything. It is passed the public key by Apache to do the decryption. Going back to the Java application... Is this typically how client applications connect to their server counterparts (the client needing the keystore and truststore files)? The reason I ask is that there may be many client application installations, each requiring this file. I can't see this as being reasonable to need these two files for every client installation. Secondly, this application can also run as an applet. Can the applet read these files? If it is packed in a signed JAR file then I guess one could grab the files from the JAR file.
  I would think the better approach is the private/public key encryption. The client doesn't need anything that way. If this way can be achieved, does anyone have an example of this (not using HTTP, but SSL sockets passing simple objects back and forth to each other). I want this application to be generic enough that it could be plopped into any company that requires SSL and this thing will work. I'm not sure if that is easily achievable.
  Any help appreciated.
  Thanks.
  -Jim

  Question: When I created a self-signed certificate I ran keytool with -genkey. That created a keystore with 1 key entry. Then I exported the generated certificate into a file. Then I ran keytool again with the "-import". That created a truststore.
  From what I have seen, my server application requires a keystore and a truststore. I have a CA certificate with an RSA private key . I am trying to create a keystore and a truststore, as above, so that my application can be executed against an authenticated certificate, not the self-signed one. Since I am not generating a certificate, I didn't run the keytool with the "genkey" option (and also obviously didn't export the key from the keystore since I haven't created one yet). Instead, I ran keytool with the "-import", which appears to have created a truststore (no keystore). How do I create a keystore, and where does this private key come into play (or doesn't it)? Nothing asks me for the private key file.
  Sorry if I'm asking level 1 questions. I'm trying to figure out how this all works. I really need to take a class to help me understand the components and relationships. I've read some of the docs, but I'm not quite getting it.
  -Jim

• Problem occuring when extending classes coming from 2 signed JAR

  Hi everyone,
  I have 2 signed jar called "base_signed.jar" and "extended_signed.jar" using keytool with a testing certificate generated at runtime. All goes well because with both signed JARs I can use the URLClassLoader without any java.security.AccessControlException exception.
  But the first JAR contains abstract class B, the latter JAR contains a concrete class A.
  The problem occurs when I try to instantiate some class A coming from "extended_signed.jar" using Class.forName("blablaclassA").newInstance() and occurs only if this class A extends some other abstract class B contained inside "base_signed.jar" .
  Pratically if the class A is casted as its common JVM ancestor of B (JInternalFrame) all goes well, otherwise if I try to cast A using its direct ancestor B, I receive the following exception:
  network: Connessione a http://www.orion.lan/~antares/it/weev/wipidea/plugins/MeteoradarArpavPlugin$7.class con proxy=DIRECT
  Exception in thread "AWT-EventQueue-35" java.lang.ClassCastException: it.weev.wipidea.plugins.MeteoradarArpavPlugin cannot be cast to it.weev.wipidea.base.AWipideaPlugin
       at it.weev.wipidea.base.PluginLoader.loadNetworkPlugin(Unknown Source)
       at it.weev.wipidea.applet.WipideaApplet.loadPlugin(Unknown Source)
       at it.weev.wipidea.applet.WipideaApplet$1.actionPerformed(Unknown Source)
       at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
       at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
       at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
       at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
       at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
       at java.awt.Component.processMouseEvent(Unknown Source)
       at javax.swing.JComponent.processMouseEvent(Unknown Source)
       at java.awt.Component.processEvent(Unknown Source)
       at java.awt.Container.processEvent(Unknown Source)
       at java.awt.Component.dispatchEventImpl(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
       at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
       at java.awt.Container.dispatchEventImpl(Unknown Source)
       at java.awt.Component.dispatchEvent(Unknown Source)
       at java.awt.EventQueue.dispatchEvent(Unknown Source)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
       at java.awt.EventDispatchThread.run(Unknown Source)
  network: Voce cache non trovata [url: http://www.orion.lan/~antares/it/weev/wipidea/base/PluginLoader.class, versione: null]
  network: Connessione a http://www.orion.lan/~antares/it/weev/wipidea/base/PluginLoader.class con proxy=DIRECT
  network: Voce cache non trovata [url: http://www.orion.lan/~antares/it/weev/wipidea/base/network-classpath.class, versione: null]
  ---The strange thing is that if I don't sign both JARs the class A is casted on B without any exception, could for security reason like hash or other? Ideally I need all JAR signed only because I plan to load classes from all over the net, but seems that URLClassLoader throws an AccessControlException when called.
  Anyway just now I solve all using only the common JVM ancestor of A and B, but what could be the final solution?
  Thanks, bye.

  Hi Sean,
  The file in question has been signed which causes issues in both OSB directly and in Eclipse when we do an import into that tool first.Can you let us know what issues you faced? Any errors? If yes, please post the same here.
  Regards,
  Anuj
  Edited by: Anuj Dwivedi on Feb 23, 2011 9:10 PM