trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/Sun Java System) web server

am 02.10.2007 08:12:39 von The Derfer

Usually for Apache under a Linux OS, I use openssl to create a
self-signed SSL certificate using instructions similar to what you
find at a helpful site like:

http://www.akadia.com/services/ssh_test_certificate.html


And once generated I can copy the ssl.crt and ssl.key
files to the appropriate directory and they work fine.


But doing this same procedure for a Solaris box with Sun Java System
Web Server (formerly Sun One, formerly iPlanet) does not seem even
relevant.

I can generate the cert and key fine using the same openssl commands
(such as 'openssl req -new -key server.key -out server.csr' or
similar)
but the directory in which keys are stored has keys stored in some
other
format and they look completely different. There's a 'cert7.db' or
'cert8.db'
file, along with other .db files for the individual instances that use
SSL.

How can I convert the .key and .crt files I've made to .db files so
that iPlanet/Sun One/Sun Java System web server will recognize and use
them? Or is that even possible? Is there a better or more germaine
way
to generate self-signed SSL certs for a server that runs on a Solaris
(9 in my case) box using aforementioned web servers?

Thanks in advance to anyone who can help.

-The Derfer

Re: trouble with self-signed SSL certificates for Solaris (iPlanet/SunOne/SunJava System) web server

am 02.10.2007 09:20:08 von David McKenzie

The Derfer wrote:
> Usually for Apache under a Linux OS, I use openssl to create a
> self-signed SSL certificate using instructions similar to what you
> find at a helpful site like:
>
> http://www.akadia.com/services/ssh_test_certificate.html
>
>
> And once generated I can copy the ssl.crt and ssl.key
> files to the appropriate directory and they work fine.
>
>
> But doing this same procedure for a Solaris box with Sun Java System
> Web Server (formerly Sun One, formerly iPlanet) does not seem even
> relevant.
>
> I can generate the cert and key fine using the same openssl commands
> (such as 'openssl req -new -key server.key -out server.csr' or
> similar)
> but the directory in which keys are stored has keys stored in some
> other
> format and they look completely different. There's a 'cert7.db' or
> 'cert8.db'
> file, along with other .db files for the individual instances that use
> SSL.
>
> How can I convert the .key and .crt files I've made to .db files so
> that iPlanet/Sun One/Sun Java System web server will recognize and use
> them? Or is that even possible? Is there a better or more germaine
> way
> to generate self-signed SSL certs for a server that runs on a Solaris
> (9 in my case) box using aforementioned web servers?
>
> Thanks in advance to anyone who can help.
>
> -The Derfer
>
You're best off asking comp.unix.solaris

--
DM davidm@cia.com.au

'It would go against respecting principles and truth if you have to
respect and accept anything just because it is the other side's view.'
- Kim Jung Ill