Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>Why are you using OpenSSL to generate the keypair? Why not just use <code>keytool</code>?</p> <p>The <code>genrsa</code> tool just generates a private key. How are you creating a corresponding certificate? How are you importing the private key into your Java keystore? (I ask, because <code>keytool</code> can only import a private key from an existing key store, and only from Java 6 onward.)</p> <p>I suspect that your problem is that your key store doesn't contain a key entry (private key <em>and</em> corresponding certificate). When you list the keystore contents with <code>keytool</code>, how many entries are there? Are they key entries or trusted entries?</p> <hr> <p>The server needs access to the private key in order to authenticate itself. To import a private key, use <strong>Java 6's</strong> enhanced <code>keytool</code>.</p> <p>After creating the key and the certificate with OpenSSL, use OpenSSL to create a PKCS #12 key store:</p> <pre><code>openssl pkcs12 -export -in cert.pem -inkey key.pem &gt; server.p12 </code></pre> <p>Then convert this store into a Java key store:</p> <pre><code>keytool -importkeystore -srckeystore server.p12 -destkeystore server.jks -srcstoretype pkcs12 </code></pre> <p>Now use <code>server.jks</code> in your SSL-enable server, which contains the certificate <strong>and</strong> the private key.</p>
    singulars
    1. This table or related slice is empty.
    1. POCan a Java key store import a key pair generated by OpenSSL?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USerickson
    1. USerickson
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POCan a Java key store import a key pair generated by OpenSSL?
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTAcceptedByOriginator
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. COBasically, I can run the app (see my question point 4) with keystore that generated by java keytool (yes, like you said, it's correct, I already did it). It works well if I generate directly keystore (jks) from java keytool then my app (FTPS server) just use that keystore. No problem with that. Your question why I using OpenSSL to generate the keypair is because currently the client has license certification (verisign) so I have to test with openssl first. Btw, keytool can import from cert x509 (by doing command: openssl req -x509 -key key.pem -in req.pem -out cert.pem -days 365)
      singulars
      1. PO
      1. USJef
    2. COContinue from above I have import the key that generated by openssl to java keystore (jks) and the java app said the keystore is already valid (i try the other key, java can verify its valid keystore or not). The problem is when I run the app via keystore (generated by java keytool import from openssl cert), the app throws Exception above. The keystore is contain a key entry (it works in httpd ssl), when I do keytool list, the entry is already trusted. I do this command: keytool -import -v -trustcacerts -alias server-alias -file cert.pem -keystore cacerts.jks -keypass x -storepass x
      singulars
      1. PO
      1. USJef
    3. CO@Jef — *No,* it's not correct, or your program would work; just because your key store is in a valid *format* doesn't mean it *contains* the information necessary to authenticate the server. In particular, your statement, "when I do a keytool list, the entry is already trusted," makes it sound like it's a trust entry, not a key entry. **A trust entry will not work—there's no private key.** Apply some simple reasoning: do you ever give `keytool` a file containing the private key? How do you expect to perform server authentication without making the private key available?
      singulars
      1. PO
      1. USerickson
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload