Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-4973 Security Guide for EAP 5.1 - Tracking Issue
  3. JBPAPP-5088

SecGuide 5.1: 16.2.1.1. Generate a keypair - suggestions

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Major Major
    • EAP_EWP 5.1.0
    • EAP_EWP 5.1.0_CR3
    • Documentation
    • None

      Josh,

      I have couple of suggestions regarding generation of self signed certificate.
      One can use following option combination to generate cert. in one go.
      keytool -genkey -alias ejb-ssl -keystore localhost.keystore -storepass EJB-SSL_KEYPAIR_PASSWORD -keypass EJB-SSL_KEYPAIR_PASSWORD-dname "CN=localhost,OU=QE,O=redhat.com,L=Brno,C=CZ"

      Especially important is part -dname where CN must contain name of server which will use the certificate in its https connector.
      My example is for localhost usage. Certificate has to have CN=server_name from this example scheme https://server_name:8443/invoker/JNDIFactory. If not, user will get "javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching" exception.

      Can you incorporate this to the section 16.2.1.1, please?

              jwulf_jira Joshua Wulf (Inactive)
              pskopek@redhat.com Peter Skopek
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: