- From: Lapo TIN <lapolapolapo@tin.it>
- Date: Fri, 29 Apr 2005 17:27:02 +0200
- To: <www-jigsaw@w3.org>, <simon@w3.org>
- Message-ID: <02dc01c54ccf$e4f01e10$4200a8c0@LapoHP>
I'm using jigsaw, and i'm using an usb token for server authentication. I follo winstructions in http://www.w3.org/Jigsaw/Doc/User/ssl.html "for using hardware tokens to store your server certificate, you must install the PKCS#11 driver software for your token and add the SUN PKCS#11 provider bridge to the security configuration file of your java runtime environment ..." and it works !!!! my problem now is that the certificate i have generated on my token is not SIGNED yet by a CA. so I generated the request, i give to my CA and the give me back the signed certificate. HOW CAN I IMPORT BACK ON THE TOKEN and update the certificate on the token ?? it gives me errrors I did these steps: 1) generation of keypair on the usb token "keytool -genkey -alias lapo -keystore NONE -storetype PKCS11 -keyalg "RSA" -validity 365" 2) request a certificate sign, it export a csr file on disk "keytool -certreq -alias lapo -keystore NONE -storetype PKCS11 -file lapo_certreq.csr" 3) I give the file to the CA, CA signs with openssl, and generates the file lapo_cert.cer 4) then I would like to import the signed certificate on PKCS11 keystore to update it.... but it needs the root CA certificate in the PKCS11 Keystor to rebuild the chain.. in fact it says: "keytool -import -alias lapo -keystore NONE -storetype PKCS11 -file lapo_cert.cer " java error "impossibile stabilire la catena dalla risposta" so first I try to import the CA certificate but it says error again "keytool -import -alias root -keystore NONE -storetype PKCS11 -file cacert.cer " "trusted certificates may only be set by token initialization application" I tried with many different model of usb token... same errors... why ?!?!? thanks in advanceeeeee and sorry for my english Ing. Lapo Consortini
Received on Friday, 29 April 2005 15:27:41 UTC