In fact, I had problem with X509v1 server cert. I didn't have problem with
v3 cert when I generate the ca cert. When I signed a csr wih a ca cert (got
v1 cert), I got the format problem.
Xiaohua
----- Original Message -----
From: Michael Ströder <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 19, 2000 10:58 AM
Subject: Re: Sun's Java keytool and OpenSSL RSA cert
> Xiaohua Cheng wrote:
> >
> > So, now keytool can recognize the certificate your OpenSSL generates?
>
> Yes. keytool of JDK 1.3, X509v3 server cert with some extensions.
>
> > It always returns
> > "unrecognized format" when I was trying to import certificate generated
> > with OpenSSL into the keystore.
>
> Try to convert it to DER format with openssl x509 -outform der to
> avoid any format problems.
>
> > I sent the message to user group and nobody
> > replied. Could you let me know what you did step by step?
>
> Assuming you already have a valid key store.
> keytool -genkey -alias "test"
> keytool -certreq -file test.req -alias "test"
> openssl ca ... -in test.req -out test.crt
> keytool -import -file test.crt -alias "test"
>
> I might have forgotten some options. See keytool -h. It's not that
> different from using openssl.
>
> Ciao, Michael.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
