You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Elilvannan Nagarajah <el...@affno.lk> on 2005/12/04 07:53:03 UTC
Help(urgent) : My Keypair did not work for wss4j project (wss4j\interop example)
Hi all,
I tried to use the wss4j project for adding security for my web
services. For my web service I want to add signature and encryption type of
security. First I tested the interop example (tested with 'bob' and 'alice'
entries) in the wss4j project. That works fine.
Then I tried to create my key store (using keytool) and
generated 2 keypairs one for server and one for client. I configured
correctly all properties ( I replace the entries 'bob' and 'alice' with my
own aliases name 'affnoserver' and 'affnoclinet'). But for my case client
side is working fine (encrypt the request and sign and send) but in the
serverside I got an exception (when decrypting).
This is the exception trace ----
org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
nested
exception is:
java.security.UnrecoverableKeyException: Cannot recover key
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
dKey(EncryptedKeyProcessor.java:268)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
dKey(EncryptedKeyProcessor.java:81)
at
org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(En
cryptedKeyProcessor.java:75)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:252)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
ityEngine.java:179)
at
org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.ja
va:159)
this is my key store :
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: affnoserver
Creation date: Dec 2, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
Serial number: 43900be2
Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT 2006
Certificate fingerprints:
MD5: 23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75
SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08
*******************************************
*******************************************
Alias name: affnoclient
Creation date: Dec 2, 2005
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
Serial number: 43904844
Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT 2006
Certificate fingerprints:
MD5: B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3
SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2
*******************************************
*******************************************
I used following commands for creating this key store.
keytool -genkey -keyalg RSA -alias affnoserver -keystore affnoserver.jks
-keypass XXXXXXX -storepass password
keytool -genkey -keyalg RSA -alias affnoclient -keystore affnoserver.jks
-keypass XXXXXXX -storepass password
Should I use some other commands to create this key store (like openssl or
PKCS12 format ...)
Please anybody can help me how to create my own keystore and keypairs for
this wss4j project?
Thanks and best regards,
N.Elilvannan
Re: Help(urgent) : My Keypair did not work for wss4j project (wss4j\interop
example)
Posted by Werner Dittmann <We...@t-online.de>.
Hi,
to me it seems that you did not modify the password callback to give
the correct key to get the private key for decryption.
Can you check if all your passwords are set up correctly, also in
the callbacks?
Regards,
Werner
Elilvannan Nagarajah wrote:
> Hi all,
>
> I tried to use the wss4j project for adding security for my web
> services. For my web service I want to add signature and encryption type
> of security. First I tested the interop example (tested with 'bob' and
> 'alice' entries) in the wss4j project. That works fine.
>
> Then I tried to create my key store (using keytool) and
> generated 2 keypairs one for server and one for client. I configured
> correctly all properties ( I replace the entries ‘bob’ and ‘alice’ with
> my own aliases name ‘affnoserver’ and ‘affnoclinet’). But for my case
> client side is working fine (encrypt the request and sign and send) but
> in the serverside I got an exception (when decrypting).
>
>
>
> *_This is the exception trace ----_*
>
>
>
> org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
> nested
>
> exception is:
>
> java.security.UnrecoverableKeyException: Cannot recover key
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:268)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:81)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(En
>
> cryptedKeyProcessor.java:75)
>
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
>
> ityEngine.java:252)
>
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
>
> ityEngine.java:179)
>
> at
> org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.ja
>
> va:159)
>
>
>
>
>
>
>
>
>
> _this is my key store : _
>
>
>
>
>
>
>
> Keystore type: jks
>
> Keystore provider: SUN
>
>
>
> Your keystore contains 2 entries
>
>
>
> Alias name: affnoserver
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Serial number: 43900be2
>
> Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT 2006
>
> Certificate fingerprints:
>
> MD5: 23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75
>
> SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
>
>
> Alias name: affnoclient
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Serial number: 43904844
>
> Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT 2006
>
> Certificate fingerprints:
>
> MD5: B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3
>
> SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
> *_I used following commands for creating this key store._*
>
> *_ _*
>
> keytool -genkey -keyalg RSA -alias affnoserver -keystore
> affnoserver.jks -keypass XXXXXXX -storepass password
>
> keytool -genkey -keyalg RSA -alias affnoclient -keystore
> affnoserver.jks -keypass XXXXXXX -storepass password
>
>
>
>
>
> Should I use some other commands to create this key store (like openssl
> or PKCS12 format ...)
>
>
>
> *Please anybody can help me how to create my own keystore and keypairs
> for this wss4j project?*
>
>
>
>
>
> Thanks and best regards,
>
> N.Elilvannan
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Help(urgent) : My Keypair did not work for wss4j project (wss4j\interop
example)
Posted by Werner Dittmann <We...@t-online.de>.
Hi,
to me it seems that you did not modify the password callback to give
the correct key to get the private key for decryption.
Can you check if all your passwords are set up correctly, also in
the callbacks?
Regards,
Werner
Elilvannan Nagarajah wrote:
> Hi all,
>
> I tried to use the wss4j project for adding security for my web
> services. For my web service I want to add signature and encryption type
> of security. First I tested the interop example (tested with 'bob' and
> 'alice' entries) in the wss4j project. That works fine.
>
> Then I tried to create my key store (using keytool) and
> generated 2 keypairs one for server and one for client. I configured
> correctly all properties ( I replace the entries ‘bob’ and ‘alice’ with
> my own aliases name ‘affnoserver’ and ‘affnoclinet’). But for my case
> client side is working fine (encrypt the request and sign and send) but
> in the serverside I got an exception (when decrypting).
>
>
>
> *_This is the exception trace ----_*
>
>
>
> org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
> nested
>
> exception is:
>
> java.security.UnrecoverableKeyException: Cannot recover key
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:268)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:81)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(En
>
> cryptedKeyProcessor.java:75)
>
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
>
> ityEngine.java:252)
>
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecur
>
> ityEngine.java:179)
>
> at
> org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.ja
>
> va:159)
>
>
>
>
>
>
>
>
>
> _this is my key store : _
>
>
>
>
>
>
>
> Keystore type: jks
>
> Keystore provider: SUN
>
>
>
> Your keystore contains 2 entries
>
>
>
> Alias name: affnoserver
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Serial number: 43900be2
>
> Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT 2006
>
> Certificate fingerprints:
>
> MD5: 23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75
>
> SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
>
>
> Alias name: affnoclient
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Serial number: 43904844
>
> Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT 2006
>
> Certificate fingerprints:
>
> MD5: B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3
>
> SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
> *_I used following commands for creating this key store._*
>
> *_ _*
>
> keytool -genkey -keyalg RSA -alias affnoserver -keystore
> affnoserver.jks -keypass XXXXXXX -storepass password
>
> keytool -genkey -keyalg RSA -alias affnoclient -keystore
> affnoserver.jks -keypass XXXXXXX -storepass password
>
>
>
>
>
> Should I use some other commands to create this key store (like openssl
> or PKCS12 format ...)
>
>
>
> *Please anybody can help me how to create my own keystore and keypairs
> for this wss4j project?*
>
>
>
>
>
> Thanks and best regards,
>
> N.Elilvannan
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Help(urgent) : My Keypair did not work for wss4j project (wss4j\interop example)
Posted by Abdul Ashik <ab...@gmail.com>.
Hi,
For key/certs/keystores, I used the following to test my client / server
connectivity (Axis 1.2.1 & WSS4J setup):
Tools:
a) OpenSSL for windows (still command line) version 0.9.8 (05 Jul 2005) -
http://www.slproweb.com/products/Win32OpenSSL.html
b). KeyTool GUI 1.6 (2003 Wayne Grant, GPL) - now superceded by KeyTool
Explorer - http://www.lazgosoftware.com/kse/ but you can use keytool
command line instead
NB. There are more ways to accomplish this - but this is the way I've done
it :
To create version 3 X.509 certificates, I've used OpenSSL
1. generate triple des rsa keypair (512 bits)
openssl genrsa -des3 -out ws-server.key 512
2. self-sign & export x509 cert (md5 algo, 365 validity)
openssl req -new -x509 -days 365 -md5 -key ws-server.key -out
ws-server.crt
(blank for all attributes except for CN)
**********************************************
Do the same as above for the client(s)
**********************************************
3. convert from PEM format and add to PKCS#12 keystore:
openssl pkcs12 -export -out ws-server.pfx -inkey ws-server.key -in
ws-server.crt
**********************************************
Do the same as above for the client(s)
**********************************************
4. load pkcs12 files into KeyTool and import server's public cert in to the
clients' keystore - AND VICE VERSA
5. Convert to JKS format (change Keystore type) and set the keypair password
(note: there's a password for the keystore and password for the
keys/certs. password for key/cert should be in
PasswordCallback class and password for keystore should be in
crypto.props file)
Notes:
1. The example above uses 512 bit strength algo's, but this will limit the
size of the data you can sign/encrypt - therefore it is recommended that
1024 bits is used
2. This example shows the server needs a keystore with the client's public
cert (self-signed). Another way to do this is to sign the public cert using
a Certificate Authority, then include the client's X.509 cert in the request
-this will allow the server to verify the client's signature and encrypt the
response (if required). Please see WSS4J FAQ for more info.
Hope that helps.
Cheers,
Ash
On 04/12/05, Elilvannan Nagarajah <el...@affno.lk> wrote:
>
> Hi all,
>
> I tried to use the wss4j project for adding security for my web
> services. For my web service I want to add signature and encryption type of
> security. First I tested the interop example (tested with 'bob' and 'alice'
> entries) in the wss4j project. That works fine.
>
> Then I tried to create my key store (using keytool) and
> generated 2 keypairs one for server and one for client. I configured
> correctly all properties ( I replace the entries 'bob' and 'alice' with my
> own aliases name 'affnoserver' and 'affnoclinet'). But for my case client
> side is working fine (encrypt the request and sign and send) but in the
> serverside I got an exception (when decrypting).
>
>
>
> *This is the exception trace ----*
>
>
>
> org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
> nested
>
> exception is:
>
> java.security.UnrecoverableKeyException: Cannot recover key
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:268)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:81)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(En
>
> cryptedKeyProcessor.java:75)
>
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecur
>
> ityEngine.java:252)
>
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecur
>
> ityEngine.java:179)
>
> at org.apache.ws.axis.security.WSDoAllReceiver.invoke(
> WSDoAllReceiver.ja
>
> va:159)
>
>
>
>
>
>
>
>
>
> *this is my key store : *
>
>
>
>
>
>
>
> Keystore type: jks
>
> Keystore provider: SUN
>
>
>
> Your keystore contains 2 entries
>
>
>
> Alias name: affnoserver
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Serial number: 43900be2
>
> Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT
> 2006
>
> Certificate fingerprints:
>
> MD5: 23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75
>
> SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
>
>
> Alias name: affnoclient
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Serial number: 43904844
>
> Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT
> 2006
>
> Certificate fingerprints:
>
> MD5: B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3
>
> SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
> *I used following commands for creating this key store.*
>
> * *
>
> keytool -genkey -keyalg RSA -alias affnoserver -keystore affnoserver.jks
> -keypass XXXXXXX -storepass password
>
> keytool -genkey -keyalg RSA -alias affnoclient -keystore affnoserver.jks
> -keypass XXXXXXX -storepass password
>
>
>
>
>
> Should I use some other commands to create this key store (like openssl or
> PKCS12 format ...)
>
>
>
> *Please anybody can help me how to create my own keystore and keypairs for
> this wss4j project?*
>
>
>
>
>
> Thanks and best regards,
>
> N.Elilvannan
>
Re: Help(urgent) : My Keypair did not work for wss4j project (wss4j\interop example)
Posted by Abdul Ashik <ab...@gmail.com>.
Hi,
For key/certs/keystores, I used the following to test my client / server
connectivity (Axis 1.2.1 & WSS4J setup):
Tools:
a) OpenSSL for windows (still command line) version 0.9.8 (05 Jul 2005) -
http://www.slproweb.com/products/Win32OpenSSL.html
b). KeyTool GUI 1.6 (2003 Wayne Grant, GPL) - now superceded by KeyTool
Explorer - http://www.lazgosoftware.com/kse/ but you can use keytool
command line instead
NB. There are more ways to accomplish this - but this is the way I've done
it :
To create version 3 X.509 certificates, I've used OpenSSL
1. generate triple des rsa keypair (512 bits)
openssl genrsa -des3 -out ws-server.key 512
2. self-sign & export x509 cert (md5 algo, 365 validity)
openssl req -new -x509 -days 365 -md5 -key ws-server.key -out
ws-server.crt
(blank for all attributes except for CN)
**********************************************
Do the same as above for the client(s)
**********************************************
3. convert from PEM format and add to PKCS#12 keystore:
openssl pkcs12 -export -out ws-server.pfx -inkey ws-server.key -in
ws-server.crt
**********************************************
Do the same as above for the client(s)
**********************************************
4. load pkcs12 files into KeyTool and import server's public cert in to the
clients' keystore - AND VICE VERSA
5. Convert to JKS format (change Keystore type) and set the keypair password
(note: there's a password for the keystore and password for the
keys/certs. password for key/cert should be in
PasswordCallback class and password for keystore should be in
crypto.props file)
Notes:
1. The example above uses 512 bit strength algo's, but this will limit the
size of the data you can sign/encrypt - therefore it is recommended that
1024 bits is used
2. This example shows the server needs a keystore with the client's public
cert (self-signed). Another way to do this is to sign the public cert using
a Certificate Authority, then include the client's X.509 cert in the request
-this will allow the server to verify the client's signature and encrypt the
response (if required). Please see WSS4J FAQ for more info.
Hope that helps.
Cheers,
Ash
On 04/12/05, Elilvannan Nagarajah <el...@affno.lk> wrote:
>
> Hi all,
>
> I tried to use the wss4j project for adding security for my web
> services. For my web service I want to add signature and encryption type of
> security. First I tested the interop example (tested with 'bob' and 'alice'
> entries) in the wss4j project. That works fine.
>
> Then I tried to create my key store (using keytool) and
> generated 2 keypairs one for server and one for client. I configured
> correctly all properties ( I replace the entries 'bob' and 'alice' with my
> own aliases name 'affnoserver' and 'affnoclinet'). But for my case client
> side is working fine (encrypt the request and sign and send) but in the
> serverside I got an exception (when decrypting).
>
>
>
> *This is the exception trace ----*
>
>
>
> org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data;
> nested
>
> exception is:
>
> java.security.UnrecoverableKeyException: Cannot recover key
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:268)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncrypte
>
> dKey(EncryptedKeyProcessor.java:81)
>
> at
> org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(En
>
> cryptedKeyProcessor.java:75)
>
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecur
>
> ityEngine.java:252)
>
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader
> (WSSecur
>
> ityEngine.java:179)
>
> at org.apache.ws.axis.security.WSDoAllReceiver.invoke(
> WSDoAllReceiver.ja
>
> va:159)
>
>
>
>
>
>
>
>
>
> *this is my key store : *
>
>
>
>
>
>
>
> Keystore type: jks
>
> Keystore provider: SUN
>
>
>
> Your keystore contains 2 entries
>
>
>
> Alias name: affnoserver
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Issuer: CN=affnoserver, OU=affno, O=eng, L=col, ST=col, C=sl
>
> Serial number: 43900be2
>
> Valid from: Fri Dec 02 14:54:58 LKT 2005 until: Thu Mar 02 14:54:58 LKT
> 2006
>
> Certificate fingerprints:
>
> MD5: 23:92:DD:B9:D5:CA:66:5B:AD:92:27:0E:48:11:8C:75
>
> SHA1: AB:13:03:92:32:FD:EA:51:DE:DD:9E:7C:DD:90:DD:35:96:52:25:08
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
>
>
> Alias name: affnoclient
>
> Creation date: Dec 2, 2005
>
> Entry type: keyEntry
>
> Certificate chain length: 1
>
> Certificate[1]:
>
> Owner: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Issuer: CN=affnoclient, OU=affno, O=eng, L=col, ST=col, C=SL
>
> Serial number: 43904844
>
> Valid from: Fri Dec 02 19:12:36 LKT 2005 until: Thu Mar 02 19:12:36 LKT
> 2006
>
> Certificate fingerprints:
>
> MD5: B3:76:5E:F5:81:1A:80:9E:0A:9A:FA:A3:36:8E:D7:C3
>
> SHA1: 51:D7:04:8F:4C:5D:4F:F9:21:B0:41:B3:58:8B:E9:FB:FA:98:6A:D2
>
>
>
>
>
> *******************************************
>
> *******************************************
>
>
>
> *I used following commands for creating this key store.*
>
> * *
>
> keytool -genkey -keyalg RSA -alias affnoserver -keystore affnoserver.jks
> -keypass XXXXXXX -storepass password
>
> keytool -genkey -keyalg RSA -alias affnoclient -keystore affnoserver.jks
> -keypass XXXXXXX -storepass password
>
>
>
>
>
> Should I use some other commands to create this key store (like openssl or
> PKCS12 format ...)
>
>
>
> *Please anybody can help me how to create my own keystore and keypairs for
> this wss4j project?*
>
>
>
>
>
> Thanks and best regards,
>
> N.Elilvannan
>