Hello,
what are the steps to create and set a client certificate with setKeyAndChain?
Following the instructions from [URL]http://codeghar.wordpress.com/2008/03/17/create-a-certificate-authority-and-certificates-with-openssl/[/URL] I managed to create the key, CA and client certs …
- Generate CA Key and Certificate
[QUOTE]
openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config conf/caconfig.cnf
[/QUOTE]
- Create Client Certificate
[QUOTE]
openssl req -new -nodes -out myfriend.req.pem -keyout private/myfriend.key.pem -days 365 -config conf/caconfig.cnf
[/QUOTE]
- Sign Client Certificate
[QUOTE]
openssl ca -out certs/myfriend.cert.pem -days 365 -config conf/openssl.cnf -infiles myfriend.req.pem
[/QUOTE]
- Transform CA Key to DER format
[QUOTE]
openssl rsa -inform PEM -outform DER -in private/cakey.pem -out private/cakey.der
[/QUOTE]
- Transform signed Client Certificate
[QUOTE]
openssl.exe x509 -in .pem -outform DER -out myfriend.der
[/QUOTE]
- Install signed Client Certificate myfriend.der to local Windows “Trusted Root Certification Authorities”
- setKeyAndChain
[QUOTE]
privKeyFile = private/cakey.der
certfiles = myfriend.der
[/QUOTE]
Unfortunately the partner doesn’t receive the Client Certificate and I get the error “java.io.IOException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: certificate unknown”.
Because of firewall, proxy etc. settings I can only test in a production environment, i.e. I cannot restart and enable SSL logging.
What is the right combination of certs for the setKeyAndChain service? Is something wrong with the steps of creation?
Thanks in advance,
Daniel
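
One check that applies to the privKeyFile/certfiles pairing asked about above: in TLS client authentication the private key must belong to the certificate presented with it. The script below is an added example, not part of the original post; it builds a throwaway CA and client certificate (the subject names, the temporary directory and the myfriend.key.der file are constructed for the demo) and compares each key's public half with the public key inside myfriend.der.

```shell
#!/bin/sh
# Added example. All keys, certificates and names below are constructed.

# key_matches_cert KEY KEYFMT CERT CERTFMT   (formats: PEM or DER)
# Returns 0 if the private key belongs to the certificate, 1 if it does not,
# 2 if either file cannot be parsed (so a bad path is never read as a match).
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -inform "$2" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$3" -inform "$4" -pubkey -noout 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# make_demo_pki DIR: create a demo CA, a client key and a CA-signed client
# certificate in DIR, then convert the keys and the client certificate to DER.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=myfriend" \
        -keyout "$d/myfriend.key.pem" -out "$d/myfriend.req.pem" 2>/dev/null
    openssl x509 -req -in "$d/myfriend.req.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -set_serial 1 -days 1 \
        -out "$d/myfriend.cert.pem" 2>/dev/null
    openssl pkey -in "$d/cakey.pem" -outform DER -out "$d/cakey.der"
    openssl pkey -in "$d/myfriend.key.pem" -outform DER -out "$d/myfriend.key.der"
    openssl x509 -in "$d/myfriend.cert.pem" -outform DER -out "$d/myfriend.der"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"

# Compare both candidate keys against the client certificate.
for key in cakey.der myfriend.key.der; do
    if key_matches_cert "$demo_dir/$key" DER "$demo_dir/myfriend.der" DER; then
        echo "$key: public key matches myfriend.der"
    else
        echo "$key: public key does NOT match myfriend.der"
    fi
done
```

Against real files, call key_matches_cert with the path and format (PEM or DER) of the key and of the certificate.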