Sun Java System) web server

Printable View

10-07-2007, 02:04 PM
unix

trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

Usually for Apache under a Linux OS, I use openssl to create a
self-signed SSL certificate using instructions similar to what you
find at a helpful site like:

[url]http://www.akadia.com/services/ssh_test_certificate.html[/url]

And once generated I can copy the ssl.crt and ssl.key
files to the appropriate directory and they work fine.

But doing this same procedure for a Solaris box with Sun Java System
Web Server (formerly Sun One, formerly iPlanet) does not seem even
relevant.

I can generate the cert and key fine using the same openssl commands
(such as 'openssl req -new -key server.key -out server.csr' or
similar)
but the directory in which keys are stored has keys stored in some
other
format and they look completely different. There's a 'cert7.db' or
'cert8.db'
file, along with other .db files for the individual instances that use
SSL.

How can I convert the .key and .crt files I've made to .db files so
that iPlanet/Sun One/Sun Java System web server will recognize and use
them? Or is that even possible? Is there a better or more germaine
way
to generate self-signed SSL certs for a server that runs on a Solaris
(9 in my case) box using aforementioned web servers?

Thanks in advance to anyone who can help.

-The Derfer
10-07-2007, 02:04 PM
unix

Re: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

The Derfer <derf109@gmail.com> writes:[color=blue]
> How can I convert the .key and .crt files I've made to .db files so
> that iPlanet/Sun One/Sun Java System web server will recognize and use
> them? Or is that even possible? Is there a better or more germaine
> way to generate self-signed SSL certs for a server that runs on a Solaris
> (9 in my case) box using aforementioned web servers?[/color]

Look up the docs for keytool, which is the java ssl tool for that type
of thing. You can generate the keys and certs directly or there should
be a way to import your x509 keys and certs generated with openssl.
10-09-2007, 06:09 PM
unix

Re: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

In article <7xir5qyqyp.fsf@ruckus.brouhaha.com>,
Paul Rubin <http://phr.cx@NOSPAM.invalid> wrote:[color=blue]
>The Derfer <derf109@gmail.com> writes:[color=green]
>> How can I convert the .key and .crt files I've made to .db files so
>> that iPlanet/Sun One/Sun Java System web server will recognize and use
>> them? Or is that even possible? Is there a better or more germaine
>> way to generate self-signed SSL certs for a server that runs on a Solaris
>> (9 in my case) box using aforementioned web servers?[/color]
>
>Look up the docs for keytool, which is the java ssl tool for that type
>of thing. You can generate the keys and certs directly or there should
>be a way to import your x509 keys and certs generated with openssl.[/color]

PAUL! Long time no hear from.

What's your email? & web-site? (No comprendo NOSPAM.invalid etc)
(email me at dkcombs at panix com)

(Yeah, I know, my email is in plaintext right there in the from-line.)

Cheers!

David
10-09-2007, 06:09 PM
unix

Re: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

On Oct 2, 2:11 am, The Derfer <derf...@gmail.com> wrote:[color=blue]
> Usually for Apache under a Linux OS, I use openssl to create a
> self-signed SSL certificate using instructions similar to what you
> find at a helpful site like:
>
> [url]http://www.akadia.com/services/ssh_test_certificate.html[/url]
>
> And once generated I can copy the ssl.crt and ssl.key
> files to the appropriate directory and they work fine.
>
> But doing this same procedure for a Solaris box with Sun Java System
> Web Server (formerly Sun One, formerly iPlanet) does not seem even
> relevant.
>
> I can generate the cert and key fine using the same openssl commands
> (such as 'openssl req -new -key server.key -out server.csr' or
> similar)
> but the directory in which keys are stored has keys stored in some
> other
> format and they look completely different. There's a 'cert7.db' or
> 'cert8.db'
> file, along with other .db files for the individual instances that use
> SSL.
>
> How can I convert the .key and .crt files I've made to .db files so
> that iPlanet/Sun One/Sun Java System web server will recognize and use
> them? Or is that even possible? Is there a better or more germaine
> way
> to generate self-signed SSL certs for a server that runs on a Solaris
> (9 in my case) box using aforementioned web servers?
>
> Thanks in advance to anyone who can help.
>
> -The Derfer[/color]

You can use the exceedingly poorly documented and exceedingly painful
to use certutil for this as well. /usr/sfw/bin/certutil on any recent
Solaris install.

Mark