Title: keytool to make cert
Subject: Sun's keytool is a pain in the butt, so this should help

I generated the key on admin.dev.skyflow.com.
----------------------------
Set my path so that I have access to keytool:

export PATH=/usr/lib/jre1.3/jre/bin/:$PATH
----------------------------
Change directory to where Resin stores the keys.

cd /usr/local/resin-2.0.1/keys/
----------------------------
Get the raw keystore with CA public keys:

cp /usr/lib/jre1.3/jre/lib/security/cacerts \
    /usr/local/resin-2.0.1/keys/customer.skyflow.keystore
----------------------------
Change passwd on keystore:

keytool -storepasswd \
    -storepass changeit \
    -new my_password \
    -keystore customer.skyflow.keystore
----------------------------
Generate a private key

keytool -genkey \
    -keyalg RSA \
    -alias customer.skyflow.com \
    -storepass my_password \
    -keystore customer.skyflow.keystore

What is your first and last name?
  [Unknown]: customer.skyflow.com
What is the name of your organizational unit?
  [Unknown]: Operations
What is the name of your organization?
  [Unknown]: SkyFlow Inc
What is the name of your City or Locality?
  [Unknown]: Berkeley
What is the name of your State or Province?
  [Unknown]: CA
What is the two-letter country code for this unit?
  [Unknown]: US
Is CN=skyflow.com, OU=Operations, O=Sky Flow Inc., L=Berkeley, ST=CA, C=US correct?
  [no]: yes

Enter key password for
        (RETURN if same as keystore password):
----------------------------
Request a public key:

keytool -certreq \
    -alias customer.skyflow.com \
    -storepass my_password \
    -keystore customer.skyflow.keystore \
    -file customer.skyflow.scr
------------------------------
Go get it signed.
------------------------------
List keys already in the keystore:

keytool -list -v \
    -alias customer.skyflow.com \
    -storepass my_password \
    -keystore customer.skyflow.keystore

Alias name: customer.skyflow.com
Creation date: Thu May 30 17:03:23 PDT 2002
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=customer.skyflow.com, OU=Operations, O=SkyFlow Inc, L=Berkeley, ST=CA, C=US
Issuer: CN=customer.skyflow.com, OU=Operations, O=SkyFlow Inc, L=Berkeley, ST=CA, C=US
Serial number: 3cf6bdc5
Valid from: Thu May 30 17:03:17 PDT 2002 until: Wed Aug 28 17:03:17 PDT 2002
Certificate fingerprints:
         MD5:  E9:06:EF:E0:77:15:65:2B:2C:7C:ED:EE:A5:54:89:BA
         SHA1: 11:78:7F:FC:43:3C:CC:A3:B3:6E:84:2E:5F:EA:DE:BB:78:16:48:11
------------------------------
Import the key and trust it:

keytool -import \
    -alias servertest \
    -storepass my_password \
    -keystore customer.skyflow.keystore \
    -file servertest.cert

Owner: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 0
Valid from: Wed Jul 31 17:00:00 PDT 1996 until: Thu Dec 31 13:59:59 PST 2020
Certificate fingerprints:
         MD5:  5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
         SHA1: 39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA
Trust this certificate? [no]: yes
Certificate was added to keystore
------------------------------
#############################################################
# Need to link differently.
#### Problem: every time I try to start Resin it errors:

bk2lsadm01:/usr/local/resin # ./bin/httpd.sh -java_home /usr/lib/java
Resin 2.0.1 (built Tue Jul 10 13:13:19 PDT 2001)
Copyright(c) 1998-2001 Caucho Technology. All rights reserved.
Starting Resin on Fri, 31 May 2002 19:21:16 -0700 (PDT)
java.security.NoSuchAlgorithmException: Algorithm SunX509 not available
        at com.sun.net.ssl.b.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.KeyManagerFactory.getInstance([DashoPro-V1.2-120198])
        at com.caucho.server.http.SSLFactory.getServerSocket(SSLFactory.java:116)
        at com.caucho.server.http.ResinServer.addServer(ResinServer.java:533)
        at com.caucho.server.http.ResinServer.addServer(ResinServer.java:453)
        at com.caucho.server.http.ResinServer.init(ResinServer.java:296)
        at com.caucho.server.http.ResinServer.main(ResinServer.java:852)
        at com.caucho.server.http.HttpServer.main(HttpServer.java:93)
#############################################################
http://www.mail-archive.com/glenn@zathras.earthdome.org/msg00077.html

They say to edit the file java.security.

Check how the production box is set up:

/usr/lib/java --> /usr/lib/jdk1.1.8

/usr/lib/jdk1.1.8/lib/security/java.security contains:

security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider

#
# Class to instantiate as the system scope:
#
system.scope=sun.security.provider.IdentityDatabase
---------------------------------------------------
/usr/lib/jdk1.3/jre/lib/security/java.security

#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.ibm.crypto.provider.IBMJCA
---------------------------------------------------
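
The java.security comparison above can be checked mechanically. The script below is an added example, not part of the original notes: check_provider is a hypothetical helper, and the sample files are constructed (the first mirrors the jdk1.3 listing). It reports whether the JSSE provider class that supplies SunX509 is listed and reachable in a given java.security file.

```shell
#!/bin/sh
# Added example (not from the original notes). Checks whether a provider
# class is registered in a java.security file and is actually reachable:
# the JRE reads security.provider.1, .2, ... in order and stops at the
# first missing number, so an entry listed after a gap is never loaded.

# check_provider FILE CLASS
#   0 = registered and reachable, 1 = not listed, 2 = listed after a gap
check_provider() {
    awk -v cls="$2" '
        /^[ \t]*security\.provider\.[0-9]+[ \t]*=/ {
            line = $0
            sub(/^[ \t]*security\.provider\./, "", line)
            n = line; sub(/[ \t]*=.*$/, "", n)
            c = line; sub(/^[0-9]+[ \t]*=[ \t]*/, "", c); sub(/[ \t\r]+$/, "", c)
            seen[n + 0] = 1
            if (c == cls && slot == 0) slot = n + 0
        }
        END {
            if (slot == 0) exit 1
            for (i = 1; i < slot; i++) if (!(i in seen)) exit 2
        }' "$1"
}

JSSE=com.sun.net.ssl.internal.ssl.Provider

# Constructed sample files; GOOD mirrors the jdk1.3 listing in the notes.
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
GOOD=$TMP/good.security; GAP=$TMP/gap.security; MISSING=$TMP/missing.security
cat > "$GOOD" <<'EOF'
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.ibm.crypto.provider.IBMJCA
EOF
cat > "$GAP" <<'EOF'
security.provider.1=sun.security.provider.Sun
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
EOF
cat > "$MISSING" <<'EOF'
security.provider.1=sun.security.provider.Sun
#security.provider.2=com.sun.net.ssl.internal.ssl.Provider
EOF

for f in "$GOOD" "$GAP" "$MISSING"; do
    rc=0; check_provider "$f" "$JSSE" || rc=$?
    echo "$(basename "$f"): status $rc"
done
```

Run it against the java.security file under the directory passed to -java_home, since that is the JVM Resin actually starts with.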