On Thu, Nov 13, 2003 at 03:31:22PM -0500, [EMAIL PROTECTED] wrote: > Is there a way to import this CAcertificate into a keystore that was > generated using keytool, when the original CSR was generated using > OpenSSL?
Since no one else has responded (yet) I'll go ahead and take a stab at this. The short answer is probably no. OpenSSL and JSSE keytool are like water and oil. Can you say "science project"? But, if you must proceed to try and make this work, here are some ideas that may help. First, it seems that what you need to import is not the cacert but the private key, no? Weblogic supposedly ships with a converter utility for this, you may want to download their demo version and see what it contains. Try googling for ImportPrivateKey utility I've seen it said that an openssl keystore can be used "as is" as a jsse keystore, but that is a long shot. I've also seen references to encoding, like DER vs. PEM and going from one to the other would suffice? If you have a PKCS12 file (public+private key) in the right encoding wouldn't that work? The way to do this that I've had work is to keep openssl and keytool separate from the get go, with distinct CSRs and such. Of course that means separate certificates as well. good luck. -- Some days it's just not worth chewing through the restraints... Mark Foster <[EMAIL PROTECTED]> http://mark.foster.cc/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
