Thread: R: Re: SSL & client config.

R: Re: SSL & client config.

From

"devAng@libero.it"

Date:

16 July 2009, 09:25:35

HI,

there are the step :

>openssl req -new -text -out server.req

enter PEM
pass phrase:       mypassword
verifying enter PEM pass :    mypassword
..

Country name (2 letter code) : ....
..
.
......
Common Name :     computer name

...
a challenge password []:   empty      (no password, simple  return)

output
is:    server.req.

follow

>openssl rsa -in privkey.pem -out server.key

enter
pass phrase for prikey.PEM: mypassword

output is:    server.key

follow:


>openssl  req -x509 -in server.req -text -key server.key -out server.crt


output is:         server.crt

To make the server certificate available to Java
follow:

>openssl x509 -in server.crt -out server.crt.der -outform der


output
is:          server.crt.der

Import this certificate into Java's system
truststore


>keytool -keystore   $JAVA_HOME/lib/security/cacerts -alias
postgresql -import -file c:/Openssl/bin/server.crt.der

password of keystore:
mypassword


Error keytool: java.io.IOException:       Keystore was tampered
with, or password was incorrect.

where is the error ? I'm confused.

HELP.













openssl

>----Messaggio originale----
>Da: laurenz.
albe@wien.gv.at
>Data: 15/07/2009 15.57
>A: <devAng@libero.it>, <pgsql-
jdbc@postgresql.org>
>Ogg: Re: [JDBC] SSL & client config.
>
>devAng wrote:

>> keytool -keystore
>> $JAVA_HOME/lib/security/cacerts -alias postgresql -
import -file server.crt.der
>>
>>
>> error : Keystore was tampered with, or
password was incorrect ?
>>
>> But the
>> password is correct!!!!!!!!
>>
>>
I'm confused help-me please.
>
>Could it be that you mix up the password of the
certificate and the
>password of the Java key store?
>
>http://java.sun.
com/javase/6/docs/technotes/tools/solaris/keytool.html
>
>Yours,
>Laurenz Albe

>
>--
>Sent via pgsql-jdbc mailing list (pgsql-jdbc@postgresql.org)
>To make
changes to your subscription:
>http://www.postgresql.org/mailpref/pgsql-jdbc
>

Re: SSL & client config.

From

"Albe Laurenz"

Date:

16 July 2009, 12:08:12

devAng wrote:
> there are the step :

> >openssl req -new -text -out server.req
> 
> enter PEM 
> pass phrase:       mypassword
> verifying enter PEM pass :    mypassword
> ..

[...]

> Import this certificate into Java's system 
> truststore
> 
> 
> >keytool -keystore   $JAVA_HOME/lib/security/cacerts -alias 
> postgresql -import -file c:/Openssl/bin/server.crt.der
> 
> password of keystore:   
> mypassword
> 
> 
> Error keytool: java.io.IOException:       Keystore was tampered 
> with, or password was incorrect.
> 
> where is the error ? I'm confused.

The way it looks to me, the error is that "mypassword" is not the password
of your Java key store. It is the password for your private key.

Yours,
Laurenz Albe