Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

R: client authentication on iPlanet Web Server 4.1

3 views
Skip to first unread message

Andrea LUCIANO

unread,
Nov 20, 2000, 3:00:00 AM11/20/00
to
I suggest trying to use tools coming with openssl installation
(www.openssl.org).
Generate e cert.request from keytool if you desire so.
Then create a 128 bit key for your own cert.Authority with the tool in
openssl and reply to cert.request from keytool.

Download and read carefully the documentation from openssl and after a few
experiments you'd be able to generate your CA (cert.authority) and your
client/server certificate.

Summing up, you need:

Generate a 128 key
Generate your CA root certificate containing public key
Generate a certificate request from your keytool
Reply to cer.req. generating a certificate signined by your CA
Installing in client and server the CA root certificate
Installing in server the certificate signed by CA

Let me know results if you decide to try.

Best Regards,
Andrea

P.S. I'm not an expert and eventually I miss something, so read suggested
documentation

Fujian Yang <Fujia...@sonera.com> wrote in message
39FFDF81...@sonera.com...
> Hello,
>
> I'm using SSL to connect a client(written with JSSE1.0.2) and a iPlanet
> web server 4.1. And I want to do both server and client authentication.
>
> For the server authentication I got a trial server certificate from
> Verisign, it works fine.
>
> For the client authentication, I use keytool to generate a self signed
> certificate by issuing the command:
> keytool -genkey -alias myAlias
> and
> keytool -list -rfc -alias myAlias > client.cer.txt
>
> Removed the header in client.cer.txt, I got a self signed certificate.
> It just contains "-----BEGIN CERTIFICATE ...... -----END
> CERTIFICATE-----".
>
> Then on the administration server, I installed this certificate as a
> trusted certificate authority.
>
> But when the client tried to talk with the server using this
> certificate, it caught the exception "javax.net.ssl.SSLException:
> Received fatal alert: handshake_failure (no cipher suites in common)",
> while on the server the error is "Error receiving connection
> (SEC_ERROR_BAD_SIGNATURE - Certificate has invalid signature) "
>
> Can anybody tell me what went wrong here?
>
> Thank you,
> -Fujian
>

0 new messages