From: 田中 義一 <yt...@gr...> - 2009-01-22 08:31:10
Hi;

I am trying to replace the omii-uk temporal certificate with personal certificates provided by my personal CA. But an error occurred in Tomcat when I replaced the keystore file and started the omii_server.

I have made the keystore file as follows.

1. Generate a key pair within the keystore

    keytool -genkey -keyalg RSA -alias omii_server -keystore omii.ks

   Java version jdk-1.5.0_13

2. Generate a Certificate Signing Request from the key pair.

    #keytool -certreq -alias omii_server -keystore omii.ks -file server.csr

3. Get the CSR signed by the personal demoCA

    #openssl ca -keyfile openssl/demoCA/private/cakey.pem -cert openssl/demoCA/cacert.pem -in server.csr -out server.crt

   openssl version OpenSSL 0.9.6k
   openssl.conf is used with default values except for the file location.

4. Import the CA's certificate into the keystore file.

    #keytool -import -file openssl/demoCA/cacert.pem -alias omii_ca -keystore omii.ks

5. Import the signed certificate into the keystore

    #openssl x509 -in server.crt -out server.x509
    #keytool -import -file server.x509 -alias omii_server -keystore omii.ks

6. Set omii.ks in the <OMII_server> directory and restart omii_server

7. Error received in OMII/tomcat/logs/Catalina.out

    22-Jan-2009 15:31:03 org.apache.catalina.startup.ContextConfig validateSecurityRoles
    WARNING: Security role name ahefilestage used in an <auth-constraint> without being defined in a <security-role>
    - cgi: init: loglevel set to 0
    - cgi: init: read environment variable file /home/omii/OMII/tomcat/webapps/ahe/config/envvars.properties
    22-Jan-2009 15:31:08 org.apache.coyote.http11.Http11BaseProtocol start
    INFO: Starting Coyote HTTP/1.1 on http-18443
    22-Jan-2009 15:31:08 org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
    SEVERE: Caught exception (java.lang.RuntimeException: Failed to get private key) executing org.apache.tomcat.util.net.LeaderFollowerWorkerThread@3ba002, terminating thread
    22-Jan-2009 15:31:08 org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run
    SEVERE: Caught exception (java.lang.RuntimeException: Failed to get private key) executin

The content of the keystore is as follows.

    #keytool -v -list -keystore omii.ks
    Enter keystore password: tmpstore

    Keystore type: jks
    Keystore provider: SUN

    Your keystore contains 2 entries

    Alias name: omii_ca
    Creation date: Jan 22, 2009
    Entry type: trustedCertEntry

    Owner: EMAILADDRESS=ro...@pb..., CN=NAREGICA, OU=NAREGI, O=NII, L=Chiyoda, ST=Tokyo, C=JP
    Issuer: EMAILADDRESS=ro...@pb..., CN=NAREGICA, OU=NAREGI, O=NII, L=Chiyoda, ST=Tokyo, C=JP
    Serial number: 0
    Valid from: Thu Jan 22 15:13:56 JST 2009 until: Fri Jan 22 15:13:56 JST 2010
    Certificate fingerprints:
         MD5: 99:5D:FA:6C:00:F1:A2:51:95:E7:A7:82:F5:D8:4C:AC
         SHA1: C0:47:08:0D:83:9B:D8:7A:F6:5C:71:1F:D5:B6:1F:4F:EC:D0:04:98

    *******************************************
    *******************************************

    Alias name: omii_server
    Creation date: Jan 22, 2009
    Entry type: keyEntry
    Certificate chain length: 2
    Certificate[1]:
    Owner: CN=pbg2007.naregi.org, OU=NAREGI, O=NII, ST=Tokyo, C=JP
    Issuer: EMAILADDRESS=ro...@pb..., CN=NAREGICA, OU=NAREGI, O=NII, L=Chiyoda, ST=Tokyo, C=JP
    Serial number: 1
    Valid from: Thu Jan 22 15:22:23 JST 2009 until: Fri Jan 22 15:22:23 JST 2010
    Certificate fingerprints:
         MD5: 29:92:71:B3:38:DC:AD:73:73:A7:32:36:A7:3C:D2:88
         SHA1: 88:89:B2:59:BC:07:53:35:23:0E:AE:7F:2E:F9:77:DE:0B:20:94:BB
    Certificate[2]:
    Owner: EMAILADDRESS=ro...@pb..., CN=NAREGICA, OU=NAREGI, O=NII, L=Chiyoda, ST=Tokyo, C=JP
    Issuer: EMAILADDRESS=ro...@pb..., CN=NAREGICA, OU=NAREGI, O=NII, L=Chiyoda, ST=Tokyo, C=JP
    Serial number: 0
    Valid from: Thu Jan 22 15:13:56 JST 2009 until: Fri Jan 22 15:13:56 JST 2010
    Certificate fingerprints:
         MD5: 99:5D:FA:6C:00:F1:A2:51:95:E7:A7:82:F5:D8:4C:AC
         SHA1: C0:47:08:0D:83:9B:D8:7A:F6:5C:71:1F:D5:B6:1F:4F:EC:D0:04:98

    *******************************************
    *******************************************

Any help with this would be greatly appreciated.
Many thanks in advance.

Regards
NAREGI (Research for Grid Research and Development)
Yoshikazu Tanaka