Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

If I generate a self signed certificate, does it need to be imported to the truststore on the same host?

Posted on 2013-01-08
5
2,598 Views
Last Modified: 2013-01-11
Hi,
If I generate a self signed certificate from host ABC, does the certificate need to be imported to the truststore on the same host ABC to do a url openconnection https://ABC?

When i do a url.openConnection("https://ABC")
I am getting  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

But if I try to import the generated self-signed certificate using keytool, it says
keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical
java.lang.Exception: Certificate reply and certificate in keystore are identical

Thanks
Jamie
0
Comment
Question by:jamie_lynn
  • 3
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 500 total points
ID: 38759412
Can't quite tell from your description.  Did you follow the instructions on the tomcat site for using self-signed certs?
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Did you actually create a domain name called "ABC"?  Because usually that will not work -- it has to have a name like "abc.com" for the cert to get applied correctly.  You'll get this error if you use an IP address as the CN name in your cert as well.

This all works if you add your fake domain to your hosts file
127.0.0.1 www.myabc.com

Then create a cert for www.myabc.com as if it were a normal cert (using keytool).  Don't identify it as "localhost" or other shorthand names.

Then use that keystore as Tomcat's ssl keystore.  We do this all the time and it's fine.

Except for the chrome browser, which has serious deficiencies in this area.  But Firefox and even IE are fine.
0
 

Author Comment

by:jamie_lynn
ID: 38765107
ABC is just an example hostname. My real hostname is different. My domain and hostname are fine.

I set the alias using keytool as the FQDN.

What do you mean by chrome browser has a serious deficiencies in this area?

Thanks
Jamie
0
 

Author Comment

by:jamie_lynn
ID: 38765173
I am using command below to import the certificate.

keytool -import -v -trustcacerts -keystore mykeystore.ks -alias ABC.corp.com -file /tmp/abc.der -keypass changeit -storepass changeit

Am i missing something?

Thanks
Jamie
0
 

Author Comment

by:jamie_lynn
ID: 38765476
I found out why.. I was using the ipaddress on the URL instead of the DNS hostname that is the CN in the certificate.

 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
means that hostname used and the CN didn't match

Thanks!
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 38765882
Yes, as I responded to you above: "You'll get this error if you use an IP address as the CN name in your cert as well."

Good luck!
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Error in @AspectJ Based AOP with Spring 2 18
jsp login check 12 42
How to convert from xls to xlsx using java 7 55
Cisco ASA: Java web start no go, asdm launcher no go 3 34
For beginner Java programmers or at least those new to the Eclipse IDE, the following tutorial will show some (four) ways in which you can import your Java projects to your Eclipse workbench. Introduction While learning Java can be done with…
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question