Solved

If I generate a self signed certificate, does it need to be imported to the truststore on the same host?

Posted on 2013-01-08
5
2,548 Views
Last Modified: 2013-01-11
Hi,
If I generate a self signed certificate from host ABC, does the certificate need to be imported to the truststore on the same host ABC to do a url openconnection https://ABC?

When i do a url.openConnection("https://ABC")
I am getting  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

But if I try to import the generated self-signed certificate using keytool, it says
keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical
java.lang.Exception: Certificate reply and certificate in keystore are identical

Thanks
Jamie
0
Comment
Question by:jamie_lynn
  • 3
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 500 total points
ID: 38759412
Can't quite tell from your description.  Did you follow the instructions on the tomcat site for using self-signed certs?
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Did you actually create a domain name called "ABC"?  Because usually that will not work -- it has to have a name like "abc.com" for the cert to get applied correctly.  You'll get this error if you use an IP address as the CN name in your cert as well.

This all works if you add your fake domain to your hosts file
127.0.0.1 www.myabc.com

Then create a cert for www.myabc.com as if it were a normal cert (using keytool).  Don't identify it as "localhost" or other shorthand names.

Then use that keystore as Tomcat's ssl keystore.  We do this all the time and it's fine.

Except for the chrome browser, which has serious deficiencies in this area.  But Firefox and even IE are fine.
0
 

Author Comment

by:jamie_lynn
ID: 38765107
ABC is just an example hostname. My real hostname is different. My domain and hostname are fine.

I set the alias using keytool as the FQDN.

What do you mean by chrome browser has a serious deficiencies in this area?

Thanks
Jamie
0
 

Author Comment

by:jamie_lynn
ID: 38765173
I am using command below to import the certificate.

keytool -import -v -trustcacerts -keystore mykeystore.ks -alias ABC.corp.com -file /tmp/abc.der -keypass changeit -storepass changeit

Am i missing something?

Thanks
Jamie
0
 

Author Comment

by:jamie_lynn
ID: 38765476
I found out why.. I was using the ipaddress on the URL instead of the DNS hostname that is the CN in the certificate.

 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
means that hostname used and the CN didn't match

Thanks!
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 38765882
Yes, as I responded to you above: "You'll get this error if you use an IP address as the CN name in your cert as well."

Good luck!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
allswap challenge 6 96
eclipse shortcuts 9 54
web application structure 18 76
Why my table column Id is not passed to java object? 4 38
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now