CA certificates, i.e. root.crt, go into the cacerts file.

Cheers,
Tomas
----
http://www.ejbca.org/


On 03/29/2011 09:26 PM, David Patricola wrote:
I’ve found plenty of google results but I am having a disconnect with
the install. My server has its own server.crt, server.key and root.crt
files. My desktop (which I connect successfully to) has postgresql.crt,
postgresql.key and the same root.crt, which I used to securely connect
via pgAdmin just fine. So, I’m using those 3 same files on my machine
and copying them to the other client machine.

Every tutorial I go to shows me to insert a .crt file into the cacerts
keystore. Which .crt I don’t know because all examples use generic
examples. And me knowing zero about Java doesn’t help so I’m using
everything I read as gospel. This is what I’ve done so far:

E:\JRun4\jre\bin>keytool -importcert -alias dca -file C:\dcacerts\postgresql.crt -keystore E:\Jrun4\jre\lib\security\cacerts

So the question is, what did I miss?

And, what is PG East?

------------------------------------------------------------------------

*From:*owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Lou Picciano
*Sent:* Tuesday, March 29, 2011 2:58 PM
*To:* openssl-users@openssl.org
*Subject:* Re: Truststore or Cacerts file?

David,

We've had to do this a couple of times for a handful of our Java
developer clients - as I recall, we googled our way to the solution
pretty easily...

But, from the wording of your message, it sounds like you may be
conflating a couple of different things.

The certificate and key will be unique to the server, and for each
client. The way to think about it: The 'key' file is the unique identity
for each 'entity' in your environment, from which all else flows.

The 'root' certificate may well be common to all entities; sounds like
this is the case you are setting up.

You may then specify - if your design dictates it - that each client
certificate be _signed_ by the same root certificate. There are a few
permutations in there, to be thought about.

What you would _not_ be doing is using the same key(s) and cert(s) on
both server and client(s).

Did not see you at PG East last week?

Lou Picciano


----- Original Message -----
From: "David Patricola" <david.patric...@jefferson.edu>
To: openssl-users@openssl.org
Sent: Tuesday, March 29, 2011 1:16:03 PM
Subject: Truststore or Cacerts file?

I have a postgres server running in SSL, and set up the self-signed
certificates and key on this box as well. I need to install these
certificates on a client Java box’s (actually running ColdFusion 8)
keystore. Out of postgresql.crt, root.crt and postgresql.key, which files
do I store? And do they go into the default cacerts file or create a
truststore?

*David Patricola*| Senior Cold Fusion Developer| Web Applications &
Services| Jefferson Information Technologies

*Thomas Jefferson University*| Philadelphia, PA| 215.503.1715 (Office)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
