Posted to user@ofbiz.apache.org by Info Olagos <in...@gmail.com> on 2011/03/15 20:48:57 UTC

certificate in PKCS7 format in Ofbiz

Hello,

Has anyone already imported a PKCS7 certificate into the java keystore for
use with embedded Tomcat Ofbiz?

Regards,
Heidi

-- 
Olagos bvba
http://www.olagos.eu <http://www.olagos.eu/>
http://www.olagos.com
http://www.olagos.be
http://www.olagos.nl
Olagos team
Heesterbos 5
2570 Duffel
Belgium

Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
Waow

Thanks for all the information !!

Regards,
Heidi

2011/3/17 Richard Siddall <ri...@elirion.net>

> Info Olagos wrote:
>
>> Hello,
>>
>> For anyone who has successfully imported a PKCS12 certificate in a keystore:
>>
>> Does this work with the java keytool tool on a linux system, I mean is it
>> possible to import PKCS 12 certificates on that?
>>
>> It seems impossible to import with the java keytool tool on a windows vista
>> business system a PKCS12 certificate.
>>
>> Anyone experience with it?
>>
>> Regards,
>> Heidi
>>
>
> This is on CentOS 5.5 using java-1.6.0-openjdk-1.6.0.0-1.16.b17.el5
>
> Use OpenSSL to create a PKCS#12 file from an SSL certificate (in
> server.crt) and private key (in server.key):
>
> openssl pkcs12 -export -in server.crt -inkey server.key \
>     -out server.pkcs12 -name ofbiz
>
> Go and find the .jks file:
>
> cd /opt/apache-ofbiz-09.04/framework/base/config/
>
> Back it up:
>
> mv ofbizssl.jks ofbizssl.jks.old
>
> Run keytool to import the PKCS12 cert & key:
>
> keytool -importkeystore -deststorepass changeit -destkeypass changeit \
>     -destkeystore ofbizssl.jks -srckeystore /root/server.pkcs12 \
>     -srcstoretype PKCS12 -srcstorepass changeit -alias ofbiz
>
> Check the results:
>
> keytool -list -v -keystore ofbizssl.jks -storepass changeit
>
> Start OFBiz and make sure SSL works...
>
> Note that I'm using the existing password 'changeit' as I'm too lazy to
> reconfigure OFBiz to use something different.
>
> Regards,
>
>        Richard Siddall
>
> P.S. The keytool commands also work on Windows XP with JDK 1.6.0-21 with
> the same PKCS12 file.
>




Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
Thanks Richard,

This is the exact method for having a working solution !!

Thanks,
Heidi

2011/3/17 Richard Siddall <ri...@elirion.net>

> Info Olagos wrote:
>
>> Hello,
>>
>> For anyone who has successfully imported a PKCS12 certificate in a keystore:
>>
>> Does this work with the java keytool tool on a linux system, I mean is it
>> possible to import PKCS 12 certificates on that?
>>
>> It seems impossible to import with the java keytool tool on a windows vista
>> business system a PKCS12 certificate.
>>
>> Anyone experience with it?
>>
>> Regards,
>> Heidi
>>
>
> This is on CentOS 5.5 using java-1.6.0-openjdk-1.6.0.0-1.16.b17.el5
>
> Use OpenSSL to create a PKCS#12 file from an SSL certificate (in
> server.crt) and private key (in server.key):
>
> openssl pkcs12 -export -in server.crt -inkey server.key \
>     -out server.pkcs12 -name ofbiz
>
> Go and find the .jks file:
>
> cd /opt/apache-ofbiz-09.04/framework/base/config/
>
> Back it up:
>
> mv ofbizssl.jks ofbizssl.jks.old
>
> Run keytool to import the PKCS12 cert & key:
>
> keytool -importkeystore -deststorepass changeit -destkeypass changeit \
>     -destkeystore ofbizssl.jks -srckeystore /root/server.pkcs12 \
>     -srcstoretype PKCS12 -srcstorepass changeit -alias ofbiz
>
> Check the results:
>
> keytool -list -v -keystore ofbizssl.jks -storepass changeit
>
> Start OFBiz and make sure SSL works...
>
> Note that I'm using the existing password 'changeit' as I'm too lazy to
> reconfigure OFBiz to use something different.
>
> Regards,
>
>        Richard Siddall
>
> P.S. The keytool commands also work on Windows XP with JDK 1.6.0-21 with
> the same PKCS12 file.
>




Re: certificate in PKCS7 format in Ofbiz

Posted by Richard Siddall <ri...@elirion.net>.
Info Olagos wrote:
> Hello,
>
> For anyone who has successfully imported a PKCS12 certificate in a keystore:
>
> Does this work with the java keytool tool on a linux system, I mean is it
> possible to import PKCS 12 certificates on that?
>
> It seems impossible to import with the java keytool tool on a windows vista
> business system a PKCS12 certificate.
>
> Anyone experience with it?
>
> Regards,
> Heidi

This is on CentOS 5.5 using java-1.6.0-openjdk-1.6.0.0-1.16.b17.el5

Use OpenSSL to create a PKCS#12 file from an SSL certificate (in 
server.crt) and private key (in server.key):

openssl pkcs12 -export -in server.crt -inkey server.key \
    -out server.pkcs12 -name ofbiz

Go and find the .jks file:

cd /opt/apache-ofbiz-09.04/framework/base/config/

Back it up:

mv ofbizssl.jks ofbizssl.jks.old

Run keytool to import the PKCS12 cert & key:

keytool -importkeystore -deststorepass changeit -destkeypass changeit \
    -destkeystore ofbizssl.jks -srckeystore /root/server.pkcs12 \
    -srcstoretype PKCS12 -srcstorepass changeit -alias ofbiz

Check the results:

keytool -list -v -keystore ofbizssl.jks -storepass changeit

Start OFBiz and make sure SSL works...

Note that I'm using the existing password 'changeit' as I'm too lazy to 
reconfigure OFBiz to use something different.

Regards,

	Richard Siddall

P.S. The keytool commands also work on Windows XP with JDK 1.6.0-21 with 
the same PKCS12 file.
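
Added example (not from this thread or from the OFBiz project): Python that identifies whether a file is an X.509 certificate, a PKCS#7 bundle or a PKCS#12 store from its leading DER bytes, which decides between keytool -importcert and keytool -importkeystore; running -importcert on a .pfx is what produces the "Input not an X.509 certificate" error quoted in this thread. The sample byte strings are constructed, truncated DER headers, and all function and variable names are this example's own.

```python
import base64
import re

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Next step per format; the commands are the ones used in this thread.
NEXT_STEP = {
    "x509": "certificate only: keytool -importcert -file <file> -keystore <jks>",
    "pkcs7": "certificates only, no private key: convert to X.509 with openssl",
    "pkcs12": "key and certificate: keytool -importkeystore -srcstoretype PKCS12",
    "private-key": "bare key: bundle with its certificate, openssl pkcs12 -export",
    "unknown": "not recognised as any of the above",
}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        return tag, pos, pos + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported DER length")
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")


def classify_der(der):
    """Classify by the first element inside the outer SEQUENCE (heuristic)."""
    try:
        tag, start, _ = read_tlv(der, 0)
        if tag != 0x30:
            return "unknown"
        ctag, cstart, cend = read_tlv(der, start)
        if ctag == 0x02 and der[cstart:cend] == b"\x03":
            return "pkcs12"   # PFX ::= SEQUENCE { version INTEGER (3), ... }
        if ctag == 0x06 and der[cstart:cend] == OID_SIGNED_DATA:
            return "pkcs7"    # ContentInfo ::= SEQUENCE { signedData OID, ... }
        if ctag == 0x30 and read_tlv(der, cstart)[0] == 0xA0:
            return "x509"     # tbsCertificate opens with [0] version (v2/v3)
    except ValueError:
        pass
    return "unknown"


def classify(data):
    """Accept PEM or raw DER bytes and return one of the NEXT_STEP keys."""
    m = PEM_RE.search(data)
    if m and m.group(1).endswith(b"PRIVATE KEY"):
        return "private-key"
    try:
        return classify_der(base64.b64decode(m.group(2)) if m else data)
    except ValueError:                    # malformed base64 in the PEM body
        return "unknown"


def to_pem(label, der):
    body = base64.encodebytes(der)        # base64 text ending in a newline
    return b"-----BEGIN %b-----\n%b-----END %b-----\n" % (label, body, label)


# Constructed samples: only the leading DER bytes of each format, truncated.
PFX_SAMPLE = bytes.fromhex("30820a00" "020103" "308209f0")
P7B_SAMPLE = bytes.fromhex("30820500" "0609" "2a864886f70d010702" "a08204f1")
CERT_SAMPLE = bytes.fromhex("30820300" "308202e8" "a003020102" "020101")
KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for blob in (PFX_SAMPLE, P7B_SAMPLE, to_pem(b"CERTIFICATE", CERT_SAMPLE), KEY_PEM):
        kind = classify(blob)
        print(kind, "->", NEXT_STEP[kind])
```

The x509 check keys on the explicit version tag, so a v1 certificate, which omits it, is reported as unknown.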

Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
Thanks Jacques,

And you know, by the way, how to reference to it then in
ofbiz-containers.xml to the certificate?

Heidi

2011/3/17 Jacques Le Roux <jl...@les7arts.com>

> IIRW, to import such a certificate in Windows you can rely on Windows
> itself. In file explorer right click: install. There are more explanations
> on the Net
>
> Jacques
>
> From: "Info Olagos" <in...@gmail.com>
>
>>  Hello,
>>
>> For anyone who has successfully imported a PKCS12 certificate in a keystore:
>>
>> Does this work with the java keytool tool on a linux system, I mean is it
>> possible to import PKCS 12 certificates on that?
>>
>> It seems impossible to import with the java keytool tool on a windows vista
>> business system a PKCS12 certificate.
>>
>> Anyone experience with it?
>>
>> Regards,
>> Heidi
>>
>> 2011/3/16 Info Olagos <in...@gmail.com>
>>
>>   But if i want to import the PKCS12 certificate into a new keystore, i
>>> try
>>> to do:
>>>
>>> keytool -importcert -alias ssl -trustcacerts -file
>>> c:\...\...\...\mypfx.pfx
>>> -keystore eee.pfx
>>> Enter keystore password:*****
>>> Re-enter new password: *****
>>> keytool error: java.lang.Exception: Input not an X.509 certificate
>>>
>>> Has anyone an idea how to solve this ?
>>>
>>> regards,
>>> Heidi
>>>  2011/3/16 Info Olagos <in...@gmail.com>
>>>
>>>   Thanks. !
>>>>
>>>> Very useful document about PKCS12 import.
>>>>
>>>> Heidi
>>>>
>>>>  2011/3/16 Christian Geisert <ch...@isu-gmbh.de>
>>>>
>>>>   Info Olagos wrote:
>>>>>
>>>>> ok thanks for info.
>>>>>
>>>>>>
>>>>>> But the certificate in PKCS#12 format (standard) contains both the
>>>>>> private
>>>>>> key and public key. It is a standard to transfer the certificates from
>>>>>> the
>>>>>> public certificate provider to my webserver.
>>>>>>
>>>>>> Because i didn't generate the private key myself. And i didn't request
>>>>>> for a
>>>>>> certificate to the certificate provider. It was only my provider who
>>>>>> generated the private key and the public key.
>>>>>>
>>>>>>
>>>>> Uh, the point of a *private* key is that you keep it private...
>>>>>
>>>>> So your problem now is that you want to import the private key into the
>>>>> JKS?
>>>>> See
>>>>> http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html for a solution.
>>>>>
>>>>>
>>>>> Christian
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>



Re: certificate in PKCS7 format in Ofbiz

Posted by Jacques Le Roux <jl...@les7arts.com>.
IIRW, to import such a certificate in Windows you can rely on Windows itself.
In file explorer right click: install. There are more explanations on the Net

Jacques

From: "Info Olagos" <in...@gmail.com>
> Hello,
> 
> For anyone who has successfully imported a PKCS12 certificate in a keystore:
>
> Does this work with the java keytool tool on a linux system, I mean is it
> possible to import PKCS 12 certificates on that?
>
> It seems impossible to import with the java keytool tool on a windows vista
> business system a PKCS12 certificate.
> 
> Anyone experience with it?
> 
> Regards,
> Heidi
> 
> 2011/3/16 Info Olagos <in...@gmail.com>
> 
>> But if i want to import the PKCS12 certificate into a new keystore, i try
>> to do:
>>
>> keytool -importcert -alias ssl -trustcacerts -file c:\...\...\...\mypfx.pfx
>> -keystore eee.pfx
>> Enter keystore password:*****
>> Re-enter new password: *****
>> keytool error: java.lang.Exception: Input not an X.509 certificate
>>
>> Has anyone an idea how to solve this ?
>>
>> regards,
>> Heidi
>>  2011/3/16 Info Olagos <in...@gmail.com>
>>
>>> Thanks. !
>>>
>>> Very useful document about PKCS12 import.
>>>
>>> Heidi
>>>
>>>  2011/3/16 Christian Geisert <ch...@isu-gmbh.de>
>>>
>>>> Info Olagos wrote:
>>>>
>>>> ok thanks for info.
>>>>>
>>>>> But the certificate in PKCS#12 format (standard) contains both the
>>>>> private
>>>>> key and public key. It is a standard to transfer the certificates from
>>>>> the
>>>>> public certificate provider to my webserver.
>>>>>
>>>>> Because i didn't generate the private key myself. And i didn't request
>>>>> for a
>>>>> certificate to the certificate provider. It was only my provider who
>>>>> generated the private key and the public key.
>>>>>
>>>>
>>>> Uh, the point of a *private* key is that you keep it private...
>>>>
>>>> So your problem now is that you want to import the private key into the
>>>> JKS?
>>>> See http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html for a solution.
>>>>
>>>>
>>>> Christian
>>>>
>>>
>>>
>>>
>>
>>
> 
> 
>


Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
Hello,

For anyone who has successfully imported a PKCS12 certificate in a keystore:

Does this work with the java keytool tool on a linux system, I mean is it
possible to import PKCS 12 certificates on that?

It seems impossible to import with the java keytool tool on a windows vista
business system a PKCS12 certificate.

Anyone experience with it?

Regards,
Heidi

2011/3/16 Info Olagos <in...@gmail.com>

> But if i want to import the PKCS12 certificate into a new keystore, i try
> to do:
>
> keytool -importcert -alias ssl -trustcacerts -file c:\...\...\...\mypfx.pfx
> -keystore eee.pfx
> Enter keystore password:*****
> Re-enter new password: *****
> keytool error: java.lang.Exception: Input not an X.509 certificate
>
> Has anyone an idea how to solve this ?
>
> regards,
> Heidi
>  2011/3/16 Info Olagos <in...@gmail.com>
>
>> Thanks. !
>>
>> Very useful document about PKCS12 import.
>>
>> Heidi
>>
>>  2011/3/16 Christian Geisert <ch...@isu-gmbh.de>
>>
>>> Info Olagos wrote:
>>>
>>> ok thanks for info.
>>>>
>>>> But the certificate in PKCS#12 format (standard) contains both the
>>>> private
>>>> key and public key. It is a standard to transfer the certificates from
>>>> the
>>>> public certificate provider to my webserver.
>>>>
>>>> Because i didn't generate the private key myself. And i didn't request
>>>> for a
>>>> certificate to the certificate provider. It was only my provider who
>>>> generated the private key and the public key.
>>>>
>>>
>>> Uh, the point of a *private* key is that you keep it private...
>>>
>>> So your problem now is that you want to import the private key into the
>>> JKS?
>>> See http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html for a solution.
>>>
>>>
>>> Christian
>>>
>>
>>
>>
>
>



Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
But if I want to import the PKCS12 certificate into a new keystore, I try to
do:

keytool -importcert -alias ssl -trustcacerts -file c:\...\...\...\mypfx.pfx
-keystore eee.pfx
Enter keystore password:*****
Re-enter new password: *****
keytool error: java.lang.Exception: Input not an X.509 certificate

Has anyone an idea how to solve this ?

regards,
Heidi
2011/3/16 Info Olagos <in...@gmail.com>

> Thanks. !
>
> Very useful document about PKCS12 import.
>
> Heidi
>
>  2011/3/16 Christian Geisert <ch...@isu-gmbh.de>
>
>> Info Olagos wrote:
>>
>> ok thanks for info.
>>>
>>> But the certificate in PKCS#12 format (standard) contains both the
>>> private
>>> key and public key. It is a standard to transfer the certificates from
>>> the
>>> public certificate provider to my webserver.
>>>
>>> Because i didn't generate the private key myself. And i didn't request
>>> for a
>>> certificate to the certificate provider. It was only my provider who
>>> generated the private key and the public key.
>>>
>>
>> Uh, the point of a *private* key is that you keep it private...
>>
>> So your problem now is that you want to import the private key into the
>> JKS?
>> See http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html for a solution.
>>
>>
>> Christian
>>
>
>
>



Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
Thanks. !

Very useful document about PKCS12 import.

Heidi

2011/3/16 Christian Geisert <ch...@isu-gmbh.de>

> Info Olagos wrote:
>
> ok thanks for info.
>>
>> But the certificate in PKCS#12 format (standard) contains both the private
>> key and public key. It is a standard to transfer the certificates from the
>> public certificate provider to my webserver.
>>
>> Because i didn't generate the private key myself. And i didn't request for
>> a
>> certificate to the certificate provider. It was only my provider who
>> generated the private key and the public key.
>>
>
> Uh, the point of a *private* key is that you keep it private...
>
> So your problem now is that you want to import the private key into the
> JKS?
> See http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html for
> a solution.
>
>
> Christian
>




Re: certificate in PKCS7 format in Ofbiz

Posted by Christian Geisert <ch...@isu-gmbh.de>.
Info Olagos wrote:
> ok thanks for info.
> 
> But the certificate in PKCS#12 format (standard) contains both the private
> key and public key. It is a standard to transfer the certificates from the
> public certificate provider to my webserver.
> 
> Because i didn't generate the private key myself. And i didn't request for a
> certificate to the certificate provider. It was only my provider who
> generated the private key and the public key.

Uh, the point of a *private* key is that you keep it private...

So your problem now is that you want to import the private key into the JKS?
See http://cunning.sharp.fm/2008/06/importing_private_keys_into_a.html 
for a solution.


Christian

Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
ok thanks for info.

But the certificate in PKCS#12 format (standard) contains both the private
key and public key. It is a standard to transfer the certificates from the
public certificate provider to my webserver.

Because I didn't generate the private key myself. And I didn't request for a
certificate to the certificate provider. It was only my provider who
generated the private key and the public key.

So it is possible to have the private key also in the certificate (bundle)
who is sent to me via PKCS#12.

Following the nice information in the cookbook of Ruth Hoffman, it has to
work with PKCS#12.

Regards,
Heidi

2011/3/16 Christian Geisert <ch...@isu-gmbh.de>

> Info Olagos wrote:
>
> Apparently PKCS7 can not work because it doesn't convert the private key
>> and
>> doesn't contain the private key.
>>
>
> A certificate never contains the private key.
>
>
> But i think here we have a wrong information in the WIKI in the technical
>> startup document.
>>
>
> I don't think there's wrong information, it just doesn't explain how to
> setup ssl with an "external" key.
>
>
> So then we have to use PKCS12.
>>
>
> I've used the "ImportKey.java" program (from
> http://www.agentbob.info/agentbob/79-AB.html) in the past to import
> a private key into the Java Key Store.
>
>
> Christian
>




Re: certificate in PKCS7 format in Ofbiz

Posted by Christian Geisert <ch...@isu-gmbh.de>.
Info Olagos wrote:
> Apparently PKCS7 can not work because it doesn't convert the private key and
> doesn't contain the private key.

A certificate never contains the private key.

> But i think here we have a wrong information in the WIKI in the technical
> startup document.

I don't think there's wrong information, it just doesn't explain how to 
setup ssl with an "external" key.

> So then we have to use PKCS12.

I've used the "ImportKey.java" program (from
http://www.agentbob.info/agentbob/79-AB.html) in the past to import
a private key into the Java Key Store.


Christian

Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
Apparently PKCS7 can not work because it doesn't convert the private key and
doesn't contain the private key.

But I think here we have a wrong information in the WIKI in the technical
startup document.

So then we have to use PKCS12.

Regards,
Heidi

2011/3/16 Info Olagos <in...@gmail.com>

> Hello,
>
> Thanks for the info.
>
> At the end i have a near working solution for the certificates.
>
> I learned that the keytool doesn't accept anymore .p7b or PKCS7
> certificates.
> So i converted with openssl the PKCS7 certificate back to X.509 certificate
> and that one i imported into the keystore with the keytool.
>
> So far that worked.
> Now the parameters in the ofbiz-container.xml for HTTPS are configured
> also.
>
> But on the level of SSL i have now still a problem. It doesn't recognize
> the ciphers ....
>
> Will be solved and followed up ......
>
> Thanks for knowing that PKCS12 is also ok.
>
> At the end it was a thorough study of certificates before you can logically
> handle them ................
>
> Regards,
> Heidi
>
>   2011/3/16 Jacques Le Roux <ja...@les7arts.com>
>
>> Yes from experience I confirm,
>>
>> PKCS12 is the way
>>
>> Jacques
>>
>>
>> Richard Siddall wrote:
>>
>>> Info Olagos wrote:
>>>
>>>> Hello,
>>>>
>>>> Has anyone already imported a PKCS7 certificate into the java keystore
>>>> for
>>>> use with embedded Tomcat Ofbiz?
>>>>
>>>> Regards,
>>>> Heidi
>>>>
>>>>
>>> I think I had to convert one to PKCS12.  IIRC, Java6 lets you use PKCS12
>>> as a key store with key tool.  I read that Tomcat can use PKCS12
>>> directly, but I converted mine to the Java keystore format.
>>>
>>> Regards,
>>>
>>> Richard Siddall
>>>
>>
>>
>
>



Re: certificate in PKCS7 format in Ofbiz

Posted by Info Olagos <in...@gmail.com>.
Hello,

Thanks for the info.

At the end I have a near working solution for the certificates.

I learned that the keytool doesn't accept anymore .p7b or PKCS7
certificates.
So I converted with openssl the PKCS7 certificate back to X.509 certificate
and that one I imported into the keystore with the keytool.

So far that worked.
Now the parameters in the ofbiz-container.xml for HTTPS are configured also.

But on the level of SSL I have now still a problem. It doesn't recognize the
ciphers ....

Will be solved and followed up ......

Thanks for knowing that PKCS12 is also ok.

At the end it was a thorough study of certificates before you can logically
handle them ................

Regards,
Heidi

2011/3/16 Jacques Le Roux <ja...@les7arts.com>

> Yes from experience I confirm,
>
> PKCS12 is the way
>
> Jacques
>
>
> Richard Siddall wrote:
>
>> Info Olagos wrote:
>>
>>> Hello,
>>>
>>> Has anyone already imported a PKCS7 certificate into the java keystore
>>> for
>>> use with embedded Tomcat Ofbiz?
>>>
>>> Regards,
>>> Heidi
>>>
>>>
>> I think I had to convert one to PKCS12.  IIRC, Java6 lets you use PKCS12
>> as a key store with key tool.  I read that Tomcat can use PKCS12
>> directly, but I converted mine to the Java keystore format.
>>
>> Regards,
>>
>> Richard Siddall
>>
>
>



Re: certificate in PKCS7 format in Ofbiz

Posted by Jacques Le Roux <ja...@les7arts.com>.
Yes from experience I confirm,

PKCS12 is the way

Jacques

Richard Siddall wrote:
> Info Olagos wrote:
>> Hello,
>> 
>> Has anyone already imported a PKCS7 certificate into the java keystore for
>> use with embedded Tomcat Ofbiz?
>> 
>> Regards,
>> Heidi
>> 
> 
> I think I had to convert one to PKCS12.  IIRC, Java6 lets you use PKCS12
> as a key store with key tool.  I read that Tomcat can use PKCS12
> directly, but I converted mine to the Java keystore format.
> 
> Regards,
> 
> Richard Siddall


Re: certificate in PKCS7 format in Ofbiz

Posted by Richard Siddall <ri...@elirion.net>.
Info Olagos wrote:
> Hello,
>
> Has anyone already imported a PKCS7 certificate into the java keystore for
> use with embedded Tomcat Ofbiz?
>
> Regards,
> Heidi
>

I think I had to convert one to PKCS12.  IIRC, Java6 lets you use PKCS12 
as a key store with key tool.  I read that Tomcat can use PKCS12 
directly, but I converted mine to the Java keystore format.

Regards,

	Richard Siddall