cam_rat
asked on
Creating a security certificate with javakey.
I have been writing a couple of applets to access our database server.
Naturally this capability requires extra security privilages from the browser and thusly requires a security certificate.
I set about creating one with the javakey program that comes with JDK.
I got all teh commands right becase the first certificate I made worked.
Next I signed a jar file that worked also.
but when I tried to sign a jar file later on the user was no longer trusted,
and the certificate was gone.
So I tried to create a certificate for that person again.
but when I did the command to create the public key it would just stop.
I tried creating a key for a different user. I tried using less encryption.
I tried three other versions of the javakey program. One of which was on a different computer.
Any ideas why I can't create a public key anymore?
Naturally this capability requires extra security privilages from the browser and thusly requires a security certificate.
I set about creating one with the javakey program that comes with JDK.
I got all teh commands right becase the first certificate I made worked.
Next I signed a jar file that worked also.
but when I tried to sign a jar file later on the user was no longer trusted,
and the certificate was gone.
So I tried to create a certificate for that person again.
but when I did the command to create the public key it would just stop.
I tried creating a key for a different user. I tried using less encryption.
I tried three other versions of the javakey program. One of which was on a different computer.
Any ideas why I can't create a public key anymore?
Without seeing exactly what you are doing/typing (can you show this?) it is difficult to say.
Try typing:
javakey -ld
what details do you see? Do you see the identity you created? How did you save the identity and the certificate?
Look at this link to find more details about using javakey:
http://www.javasoft.com/security/usingJavakey.html
In general, you will find info on signing for the big browsers (IE and NN) here:
http://www.suitable.com/Doc_CodeSigning.shtml
Let me know if you have further questions...
Try typing:
javakey -ld
what details do you see? Do you see the identity you created? How did you save the identity and the certificate?
Look at this link to find more details about using javakey:
http://www.javasoft.com/security/usingJavakey.html
In general, you will find info on signing for the big browsers (IE and NN) here:
http://www.suitable.com/Doc_CodeSigning.shtml
Let me know if you have further questions...
ASKER
Adjusted points to 300
ASKER
When I type javakey -gk myname DSA 512 pubkey
The dos box freezes.
The dos box freezes.
remove all JDKs and reinstall one JDK again.
Why dont you try JDK1.2 and its policytool. Why
are you still using jayakey of JDK1.1?
JDK1.2 has got increased security enahancements
and it is well organized.
Why dont you try JDK1.2 and its policytool. Why
are you still using jayakey of JDK1.1?
JDK1.2 has got increased security enahancements
and it is well organized.
Oh yeah is there a way I can get a certificate trusted by someone trusted for free?
If you are using IE, you can set IE to trust everyting from the "trusted zone", and so that you don't have to sign the applets. Of course, you need to ensure that the sites in the "trusted zone" are really trustable:)
Yours sincerely
Zicai - Never succeeded to sign an applet:(
If you are using IE, you can set IE to trust everyting from the "trusted zone", and so that you don't have to sign the applets. Of course, you need to ensure that the sites in the "trusted zone" are really trustable:)
Yours sincerely
Zicai - Never succeeded to sign an applet:(
>> When I type javakey -gk myname DSA 512 pubkey
sounds like a corruption of either your certificate database or code.
Just out of interest, what about...
javakey -gk myname DSA 512 pubkey privkey
Can you find your identitydb.obj certificate database and what is the setting of the
identity.database
property.
Try recreating your database like this:
Create the system's identity database in a secure area of the file system. Add the property
identity.database=/a/safe/ directory/ systemdb.o bj
to the property file found in
$DESTDIR/lib/security/java .security
where DESTDIR is the name of the directory where you installed JDK 1.1.
sounds like a corruption of either your certificate database or code.
Just out of interest, what about...
javakey -gk myname DSA 512 pubkey privkey
Can you find your identitydb.obj certificate database and what is the setting of the
identity.database
property.
Try recreating your database like this:
Create the system's identity database in a secure area of the file system. Add the property
identity.database=/a/safe/
to the property file found in
$DESTDIR/lib/security/java
where DESTDIR is the name of the directory where you installed JDK 1.1.
listening........ :) :) :)
ASKER
I have to wait till i get bak to work to try your suggestions..
WIll keep you all posted.
BTW.. I don't think a reinstall will work... I have done that.. I have tried JDKs on other computers as well as other opperating systems...
um I'll donwload the lastest JDK>. and give it a try..
I'lll add another comment if i need more help.
WIll keep you all posted.
BTW.. I don't think a reinstall will work... I have done that.. I have tried JDKs on other computers as well as other opperating systems...
um I'll donwload the lastest JDK>. and give it a try..
I'lll add another comment if i need more help.
ASKER
Ok I have checked out JDK 1.2.2
it comes with three programs
policy tool, jarsigner and keytool.
I can't make head nor tail of these programs.. can someone explain what each of for and how to use them.
As for this policy tool..
It doesn't appear to do everything.. it looks like it will create the certificate but not the key.. is this right?
it comes with three programs
policy tool, jarsigner and keytool.
I can't make head nor tail of these programs.. can someone explain what each of for and how to use them.
As for this policy tool..
It doesn't appear to do everything.. it looks like it will create the certificate but not the key.. is this right?
Try this URL
http://java.sun.com/docs/books/tutorial/security1.2
And follow the Trail Lessons, it is a very good tutorial,
still if you have any questions, I am glad to write to you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER