Solved

If I generate a self signed certificate, does it need to be imported to the truststore on the same host?

Posted on 2013-01-08
5
2,651 Views
Last Modified: 2013-01-11
Hi,
If I generate a self signed certificate from host ABC, does the certificate need to be imported to the truststore on the same host ABC to do a url openconnection https://ABC?

When i do a url.openConnection("https://ABC")
I am getting  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

But if I try to import the generated self-signed certificate using keytool, it says
keytool error: java.lang.Exception: Certificate reply and certificate in keystore are identical
java.lang.Exception: Certificate reply and certificate in keystore are identical

Thanks
Jamie
0
Comment
Question by:jamie_lynn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 500 total points
ID: 38759412
Can't quite tell from your description.  Did you follow the instructions on the tomcat site for using self-signed certs?
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Did you actually create a domain name called "ABC"?  Because usually that will not work -- it has to have a name like "abc.com" for the cert to get applied correctly.  You'll get this error if you use an IP address as the CN name in your cert as well.

This all works if you add your fake domain to your hosts file
127.0.0.1 www.myabc.com

Then create a cert for www.myabc.com as if it were a normal cert (using keytool).  Don't identify it as "localhost" or other shorthand names.

Then use that keystore as Tomcat's ssl keystore.  We do this all the time and it's fine.

Except for the chrome browser, which has serious deficiencies in this area.  But Firefox and even IE are fine.
0
 

Author Comment

by:jamie_lynn
ID: 38765107
ABC is just an example hostname. My real hostname is different. My domain and hostname are fine.

I set the alias using keytool as the FQDN.

What do you mean by chrome browser has a serious deficiencies in this area?

Thanks
Jamie
0
 

Author Comment

by:jamie_lynn
ID: 38765173
I am using command below to import the certificate.

keytool -import -v -trustcacerts -keystore mykeystore.ks -alias ABC.corp.com -file /tmp/abc.der -keypass changeit -storepass changeit

Am i missing something?

Thanks
Jamie
0
 

Author Comment

by:jamie_lynn
ID: 38765476
I found out why.. I was using the ipaddress on the URL instead of the DNS hostname that is the CN in the certificate.

 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
means that hostname used and the CN didn't match

Thanks!
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 38765882
Yes, as I responded to you above: "You'll get this error if you use an IP address as the CN name in your cert as well."

Good luck!
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question