Creating a security certificate with javakey.

I have been writing a couple of applets to access our database server.
Naturally this capability requires extra security privilages from the browser and thusly requires a security certificate.
I set about creating one with the javakey program that comes with JDK.
I got all teh commands right becase the first certificate I made worked.
Next I signed a jar file that worked also.
but when I tried to sign a jar file later on the user was no longer trusted,
and the certificate was gone.
So I tried to create a certificate for that person again.
but when I did the command to create the public key it would just stop.
I tried creating a key for a different user. I tried using less encryption.
I tried three other versions of the javakey program. One of which was on a different computer.


Any ideas why I can't create a public key anymore?
LVL 1
cam_ratAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

cam_ratAuthor Commented:
Oh yeah is there a way I can get a certificate trusted by someone trusted for free?
0
JodCommented:
Without seeing exactly what you are doing/typing (can you show this?) it is difficult to say.

Try typing:

javakey -ld

what details do you see? Do you see the identity you created? How did you save the identity and the certificate?

Look at this link to find more details about using javakey:

http://www.javasoft.com/security/usingJavakey.html


In general, you will find info on signing for the big browsers (IE and NN) here:

http://www.suitable.com/Doc_CodeSigning.shtml

Let me know if you have further questions...
0
cam_ratAuthor Commented:
Adjusted points to 300
0
Introduction to Web Design

Develop a strong foundation and understanding of web design by learning HTML, CSS, and additional tools to help you develop your own website.

cam_ratAuthor Commented:
When I type javakey -gk myname DSA 512 pubkey

The dos box freezes.
0
heyhey_Commented:
remove all JDKs and reinstall one JDK again.
0
vishoneCommented:

 Why dont you try JDK1.2 and its policytool. Why
 are you still using jayakey of JDK1.1?

 JDK1.2 has got increased security enahancements
 and it is well organized.

0
vishoneCommented:

 Why dont you try JDK1.2 and its policytool. Why
 are you still using jayakey of JDK1.1?

 JDK1.2 has got increased security enahancements
 and it is well organized.

0
zicaiCommented:
Oh yeah is there a way I can get a certificate trusted by someone trusted for free?

If you are using IE, you can set IE to trust everyting from the "trusted zone", and so that you don't have to sign the applets. Of course, you need to ensure that the sites in the "trusted zone" are really trustable:)


Yours sincerely
Zicai - Never succeeded to sign an applet:(
0
JodCommented:
>> When I type javakey -gk myname DSA 512 pubkey


sounds like a corruption of either your certificate database or code.

Just out of interest, what about...

javakey -gk myname DSA 512 pubkey privkey

Can you find your identitydb.obj certificate database and what is the setting of the

identity.database

property.

Try recreating your database like this:


Create the system's identity database in a secure area of the file system. Add the property

      identity.database=/a/safe/directory/systemdb.obj

to the property file found in

      $DESTDIR/lib/security/java.security

where DESTDIR is the name of the directory where you installed JDK 1.1.
0
Ravindra76Commented:

listening........ :) :) :)
0
cam_ratAuthor Commented:
I have to wait till i get bak to work to try your suggestions..
WIll keep you all posted.
BTW.. I don't think a reinstall will work... I have done that.. I have tried JDKs on other computers as well as other opperating systems...
um I'll donwload the lastest JDK>. and give it a try..
I'lll add another comment if i need more help.
0
cam_ratAuthor Commented:
Ok I have checked out JDK 1.2.2
it comes with three programs
policy tool, jarsigner and keytool.
I can't make head nor tail of these programs.. can someone explain what each of for and how to use them.
As for this policy tool..
It doesn't appear to do everything.. it looks like it will create the certificate but not the key.. is this right?
0
vishoneCommented:

 Try this URL
      http://java.sun.com/docs/books/tutorial/security1.2

 And follow the Trail Lessons, it is a very good tutorial,
 still if you have any questions, I am glad to write to you.
0
JodCommented:
In short...

The keytool tool can be used to

Create private keys and their associated public key certificates

Issue certificate requests, which you send to the appropriate certification authority

Import certificate replies, obtained from the certification authority you contacted

Import public key certificates belonging to other parties as trusted certificates

Manage your keystore



Jarsigner...

....is used to sign a jar file with certificates you have created with keytool.


Policy Tool...

....is used to grant certain permissions to jar files signed by a particular signer. It just creates policy files for you so you can manage what permissions you wish to grant easily.

Make sense?

The overview is here:

http://java.sun.com/docs/books/tutorial/security1.2/summary/tools.html

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.