Keytool error: : Unable to initialize, java.io.IOException: DerInputStream.getLength(): Redundant length bytes found You may need to used -storepass in both cases if the keystore is protected (which is a good idea).I did try keytool. When you get back your certificate, run "keytool -importcert -alias -keypass -keystore ". Send the resulting file to the company that's going to sign it. To generate your certificate request, use "keytool -certreq -alias -file -keypass -keystore ". Then you send that certificate request to the company that's already asked you for it, and they will create your certificate, by signing your public key with their private key, and they'll send you back an X509 file with your certificate, which you can now add to your keystore, and you'll be ready to connect to a web service using SSL requiring client authentication. For this you need to create a certificate request the process involves creating your own private key, and the corresponding public key, and attaching that public key along with some of your info (email, name, domain name, etc) to a file that's called the certificate request. You will need it so that your web service client can authenticate the server.īut if additionally you need to perform client authentication with SSL, then you need to get your own certificate, to authenticate your web service client. The certificate that you already have is probably the server's certificate, or the certificate used to sign the server's certificate. Any thoughts?Īdditional info: the company behind the webservice told me that the certificate should be requested (using IE & the website) from the PC and user that would import the certificate later. However I cannot expect my clients to perform these steps every time they receive a new certificate. This file can be loaded as a keystore and can be used to authenticate with the webservice. I'm beginning to think that the provided certificate is a public certificate which is being used for authentication.Ī workaround I have found is to import the certificate in IE and export it as a. Because of this entry type (?) I cannot use this certificate to authenticate with the webservice. When I list the entries in the keystore, this entry is of the type trustedCertEntry. The resulting file can be imported into a keystore (using the keytool command). I was able to import this certificate into a keystore by first stripping the first and last line, converting to unix newlines and running a base64-decode. I can import this file as a certificate in Internet Explorer (without having to enter a password!) and use it to authenticate with the webservice. When I inspect the file using a text editor, it has the following contents: -BEGIN CERTIFICATE. The client certificate I received from the company behind the webservice is in. Authentication for the webservice is using a client certificate, a username and a password. During the development of a Java webservice client I ran into a problem.
0 Comments
Leave a Reply. |