trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server - Solaris

This is a discussion on trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server - Solaris ; Usually for Apache under a Linux OS, I use openssl to create a self-signed SSL certificate using instructions similar to what you find at a helpful site like: http://www.akadia.com/services/ssh_t...rtificate.html And once generated I can copy the ssl.crt and ssl.key files ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

  1. trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

    Usually for Apache under a Linux OS, I use openssl to create a
    self-signed SSL certificate using instructions similar to what you
    find at a helpful site like:

    http://www.akadia.com/services/ssh_t...rtificate.html

    And once generated I can copy the ssl.crt and ssl.key
    files to the appropriate directory and they work fine.

    But doing this same procedure for a Solaris box with Sun Java System
    Web Server (formerly Sun One, formerly iPlanet) does not seem even
    relevant.

    I can generate the cert and key fine using the same openssl commands
    (such as 'openssl req -new -key server.key -out server.csr' or
    similar)
    but the directory in which keys are stored has keys stored in some
    other
    format and they look completely different. There's a 'cert7.db' or
    'cert8.db'
    file, along with other .db files for the individual instances that use
    SSL.

    How can I convert the .key and .crt files I've made to .db files so
    that iPlanet/Sun One/Sun Java System web server will recognize and use
    them? Or is that even possible? Is there a better or more germaine
    way
    to generate self-signed SSL certs for a server that runs on a Solaris
    (9 in my case) box using aforementioned web servers?

    Thanks in advance to anyone who can help.

    -The Derfer


  2. Re: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

    The Derfer writes:
    > How can I convert the .key and .crt files I've made to .db files so
    > that iPlanet/Sun One/Sun Java System web server will recognize and use
    > them? Or is that even possible? Is there a better or more germaine
    > way to generate self-signed SSL certs for a server that runs on a Solaris
    > (9 in my case) box using aforementioned web servers?


    Look up the docs for keytool, which is the java ssl tool for that type
    of thing. You can generate the keys and certs directly or there should
    be a way to import your x509 keys and certs generated with openssl.

  3. Re: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

    In article <7xir5qyqyp.fsf@ruckus.brouhaha.com>,
    Paul Rubin wrote:
    >The Derfer writes:
    >> How can I convert the .key and .crt files I've made to .db files so
    >> that iPlanet/Sun One/Sun Java System web server will recognize and use
    >> them? Or is that even possible? Is there a better or more germaine
    >> way to generate self-signed SSL certs for a server that runs on a Solaris
    >> (9 in my case) box using aforementioned web servers?

    >
    >Look up the docs for keytool, which is the java ssl tool for that type
    >of thing. You can generate the keys and certs directly or there should
    >be a way to import your x509 keys and certs generated with openssl.


    PAUL! Long time no hear from.

    What's your email? & web-site? (No comprendo NOSPAM.invalid etc)
    (email me at dkcombs at panix com)

    (Yeah, I know, my email is in plaintext right there in the from-line.)

    Cheers!

    David



  4. Re: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

    On Oct 2, 2:11 am, The Derfer wrote:
    > Usually for Apache under a Linux OS, I use openssl to create a
    > self-signed SSL certificate using instructions similar to what you
    > find at a helpful site like:
    >
    > http://www.akadia.com/services/ssh_t...rtificate.html
    >
    > And once generated I can copy the ssl.crt and ssl.key
    > files to the appropriate directory and they work fine.
    >
    > But doing this same procedure for a Solaris box with Sun Java System
    > Web Server (formerly Sun One, formerly iPlanet) does not seem even
    > relevant.
    >
    > I can generate the cert and key fine using the same openssl commands
    > (such as 'openssl req -new -key server.key -out server.csr' or
    > similar)
    > but the directory in which keys are stored has keys stored in some
    > other
    > format and they look completely different. There's a 'cert7.db' or
    > 'cert8.db'
    > file, along with other .db files for the individual instances that use
    > SSL.
    >
    > How can I convert the .key and .crt files I've made to .db files so
    > that iPlanet/Sun One/Sun Java System web server will recognize and use
    > them? Or is that even possible? Is there a better or more germaine
    > way
    > to generate self-signed SSL certs for a server that runs on a Solaris
    > (9 in my case) box using aforementioned web servers?
    >
    > Thanks in advance to anyone who can help.
    >
    > -The Derfer


    You can use the exceedingly poorly documented and exceedingly painful
    to use certutil for this as well. /usr/sfw/bin/certutil on any recent
    Solaris install.

    Mark


+ Reply to Thread