Setting up the keystore for Rampart

vibsha:

I was referring to your article available at the following links:

http://wso2.org/library/174

and

http://wso2.org/library/255

One thing that I need clarification on is why we need to import the client certificate into our key store when the consumer of the web service would provide its certificate in the SOAP message itself.

I looked at the certificates that have been provided along with the samples of Rampart, and when I used the following command

    keytool -list -v -keystore service.jks -storepass apache

I saw that there are three entries:

    Alias name: service
    Creation date: Jul 21, 2006
    Entry type: keyEntry
    Certificate chain length: 2

    Alias name: ca
    Creation date: Jul 21, 2006
    Entry type: trustedCertEntry

    Alias name: client
    Creation date: Jul 21, 2006
    Entry type: trustedCertEntry

so it shows that there exists a client certificate too. The key store still has the private key but it is hidden, right? What does "Certificate chain length: 2" mean?

Now coming to the main question. We are getting our testing certificates from Comodo (www.comodo.com); they have mentioned the instructions to generate the key pair as follows:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,1

This article talks about using openssl to create the key pair. Now, if I have to maintain a key store in a similar fashion to the one described in your article, how should we go about doing that? I looked at the keytool utility provided by the JDK and it does not show how to import the private key into the key store that would be generated from the link specified above.

Any help would really be appreciated.

Thanks
Vibhor
dimuthul:

[Identity-dev] Setting up the keystore for Rampart

Hi Vibhor,

On Mon, 2007-04-30 at 06:29 -0700, vibsha wrote:
> I was referring to your article available at the following link.
>
> http://wso2.org/library/174
>
> and
>
> http://wso2.org/library/255
>
> One thing that I need clarification on was why we need to import the client certificate into our key store when the consumer of the web service would provide its certificate in the SOAP message itself.

If the client provides the certificate in the SOAP message we don't have to import the client's certificate into the keystore. However, clients can send messages without including the certificate, i.e. they can just indicate the Subject Key Identifier (SKI) of the certificate in the SOAP message. If your web service is going to support SKI for clients, their certificates must be in the keystore.

> I looked at the certificates that have been provided along with the samples of Rampart and when I used the following command
>
> keytool -list -v -keystore service.jks -storepass apache
>
> I saw that there are three entries
>
> Alias name: service
> Creation date: Jul 21, 2006
> Entry type: keyEntry
> Certificate chain length: 2
>
> Alias name: ca
> Creation date: Jul 21, 2006
> Entry type: trustedCertEntry
>
> Alias name: client
> Creation date: Jul 21, 2006
> Entry type: trustedCertEntry
>
> so it shows that there exists a client certificate too.
> The key store still has the private key but it is hidden right?

"Entry type: keyEntry" - This is the private key.

> what does Certificate chain length: 2 mean?

This means chain length is 2.

> Now coming to the main question
>
> We are getting our testing certificates from Comodo (www.comodo.com)
>
> they have mentioned the instructions to generate the key pair as follows
>
> https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=3&nav=0,1
>
> This article talks about using openssl to create the key pair
>
> now if I have to maintain a key store in the similar fashion described in your article how should we go about doing that?
>
> I looked at the keytool utility provided by the JDK and it does not show how to import the private key into the key store that would be generated from the link specified above. Any help would really be appreciated.

I went through the article. Here the private key is in PEM format, so the question is how to import private keys in PEM format into the keystore. I think Ruchith will be able to help you on this matter, or I will investigate the matter further and let you know.

Cheers,
Dimuthu

_______________________________________________
Identity-dev mailing list
Identity-dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
vibsha:

Thanks a lot Dimuthu. If you can please help in importing the PEM into the keystore, that would really be helpful.

Thanks
Vibhor
dimuthul:

Hi Vibhor,

I could not find a command to import the private key into JKS, but I did find another way. This article http://www.comu.de/docs/tomcat_ssl.htm has a Java program that will help you to import the private key and the associated certificate into a Java key store.

Cheers,
Dimuthu

On Fri, 2007-05-04 at 06:39 -0700, vibsha wrote:
> Thanks a lot Dimuthu
> If you can please help in importing the PEM into the keystore that would really be helpful.
>
> Thanks
> Vibhor
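The following is an added example of the kind of program Dimuthu refers to; it is not the comu.de article's code nor anything shipped with Rampart. It reads an unencrypted PKCS#8 PEM private key ("-----BEGIN PRIVATE KEY-----") and a PEM file holding the certificate chain, checks that the key actually belongs to the first certificate, and writes them into a JKS keystore as a keyEntry under the alias given on the command line. File names, the alias and the passwords are all command-line arguments and therefore assumptions. A key produced by openssl genrsa is PKCS#1 ("BEGIN RSA PRIVATE KEY"), which java.security cannot parse directly, so convert it first with openssl pkcs8 -topk8 -nocrypt -in key.pem -out key.pk8. The code targets Java 8 or later for java.util.Base64.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;

/**
 * Import an unencrypted PKCS#8 PEM private key plus its certificate chain into a JKS
 * keystore as a keyEntry (example code, not the program from the comu.de article).
 *
 * usage: java ImportPemKey key.pk8 chain.pem service.jks <storepass> service <keypass>
 */
public class ImportPemKey {

    // Strip the PEM armour and base64-decode the body between the given markers.
    static byte[] readPemBody(String path, String begin, String end) throws IOException {
        String pem = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII);
        int start = pem.indexOf(begin);
        int stop = pem.indexOf(end);
        if (start < 0 || stop < 0) {
            throw new IOException("no " + begin + " block found in " + path);
        }
        String body = pem.substring(start + begin.length(), stop).replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 6) {
            System.err.println("usage: ImportPemKey key.pk8 chain.pem keystore.jks storepass alias keypass");
            System.exit(1);
        }
        String keyFile = args[0], chainFile = args[1], ksFile = args[2], alias = args[4];
        char[] storePass = args[3].toCharArray();
        char[] keyPass = args[5].toCharArray();

        // "-----BEGIN PRIVATE KEY-----" is PKCS#8; a PKCS#1 "BEGIN RSA PRIVATE KEY" file
        // from openssl genrsa must first be converted with: openssl pkcs8 -topk8 -nocrypt
        byte[] der = readPemBody(keyFile, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));

        // chain.pem: end-entity certificate first, then the issuing CA certificate(s).
        // A two-certificate file is what keytool later lists as "Certificate chain length: 2".
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs;
        try (FileInputStream in = new FileInputStream(chainFile)) {
            certs = cf.generateCertificates(in);
        }
        Certificate[] chain = certs.toArray(new Certificate[0]);
        if (chain.length == 0) {
            throw new IOException("no certificates found in " + chainFile);
        }

        // Refuse to store a key that does not match the leaf certificate's public key:
        // a mismatched pair only fails later, at signing time, with a far less clear error.
        RSAPublicKey pub = (RSAPublicKey) chain[0].getPublicKey();
        if (!((RSAPrivateKey) key).getModulus().equals(pub.getModulus())) {
            throw new IllegalArgumentException("private key does not match the first certificate in " + chainFile);
        }

        // Load the existing store if there is one, so trustedCertEntry entries such as
        // "ca" and "client" survive; otherwise start an empty JKS.
        KeyStore ks = KeyStore.getInstance("JKS");
        File f = new File(ksFile);
        if (f.exists()) {
            try (FileInputStream in = new FileInputStream(f)) {
                ks.load(in, storePass);
            }
        } else {
            ks.load(null, null);
        }

        ks.setKeyEntry(alias, key, keyPass, chain);
        try (FileOutputStream out = new FileOutputStream(f)) {
            ks.store(out, storePass);
        }
        System.out.println("stored keyEntry '" + alias + "' with chain length " + chain.length + " in " + ksFile);
    }
}
```

After running it, keytool -list -v -keystore service.jks shows the new alias as "Entry type: keyEntry" with the chain length matching the number of certificates in chain.pem. On JDK 6 and later the same result can be had without any Java code: bundle the key and certificates with openssl pkcs12 -export -inkey key.pem -in cert.pem -certfile ca.pem -name service -out service.p12, then run keytool -importkeystore -srckeystore service.p12 -srcstoretype PKCS12 -destkeystore service.jks. A client certificate that must be resolvable by Subject Key Identifier, as Dimuthu describes, is added as a trustedCertEntry with keytool -import -alias client -file client.crt -keystore service.jks.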