HomeDigital EditionSys-Con RadioSearch Java Cd
Advanced Java AWT Book Reviews/Excerpts Client Server Corba Editorials Embedded Java Enterprise Java IDE's Industry Watch Integration Interviews Java Applet Java & Databases Java & Web Services Java Fundamentals Java Native Interface Java Servlets Java Beans J2ME Libraries .NET Object Orientation Observations/IMHO Product Reviews Scalability & Performance Security Server Side Source Code Straight Talking Swing Threads Using Java with others Wireless XML

"Certificate Authorization in Your J2EE PKI"
Vol. 7, Issue 7, p. 8


Listing 1: Screen capture of the Certificate Authority key and certificate generation process

openssl req -new -x509 -newkey rsa:2048 -config openssl.cnf -keyout rootCAKey 
	-out rootCACert -days 3650 -rand "install.log:sunnyday.gif"
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
writing new private key to 'rootCAKey'
Enter PEM pass phrase: [I entered a pass phrase here]
Verifying password - Enter PEM pass phrase: [I confirmed my pass phrase here]
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [US]:
State or Province Name (full name) [Connecticut]:
Locality Name (eg, city) [Glastonbury]:
Organization Name (eg, company) [Tallán, Inc.]:
Organizational Unit Name (eg, section) [Development]:
Common Name (eg, YOUR name) [Eric Simmerman]:
Email Address [Eric.Simmerman@Tallan.com]:

Listing 2: Screen capture of a listing of the default cacerts keystore

Enter keystore password:  changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 10 entries:

thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 3A:B2:DE:22:9A:20:93:49:F9:ED:C8:D2:8A:E7:68:0D
verisignclass4ca, Mon Jun 29 13:06:57 EDT 1998, trusstedCertEntry,
Certificate fingerprint (MD5): 1B:D1:AD:17:8B:7F:22:13:24:F5:26:E2:5D:4E:B9:10
verisignclass1ca, Mon Jun 29 13:06:17 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 51:86:E8:1F:BC:B1:C3:71:B5:18:10:DB:5F:DC:F6:20
verisignserverca, Mon Jun 29 13:07:34 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
thawtepremiumserverca, Fri Feb 12 15:15:26 EST 1999, trustedCertEntry,
Certificate fingerprint (MD5): 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
verisignclass2ca, Mon Jun 29 13:06:39 EDT 1998, trustedCertEntry,
Certificate fingerprint (MD5): EC:40:7D:2B:76:52:67:05:2C:EA:F2:3A:4F:65:F0:D8

Listing 3: Screen capture of a personal key pair generation with the JDK's keytool utility

keytool -genkey -alias Alice -keyalg RSA -keysize 1024 -keystore aliceStore 
	-validity 365 -storepass changeit
What is your first and last name?
  [Unknown]:  Alice
What is the name of your organizational unit?
  [Unknown]:  Client
What is the name of your organization?
  [Unknown]:  Tallán
What is the name of your City or Locality?
  [Unknown]:  Glastonbury
What is the name of your State or Province?
  [Unknown]: Connecticut
What is the two-letter country code for this unit?
  [Unknown]: US
Is <CN=Alice, OU=Client, O=Tallán , L=Glastonbury, ST= Connecticut, C=US> 
  [no]:  yes

Enter key password for <Alice>
        (RETURN if same as keystore password): [Hit RETURN to keep things simple]


Author's Additional Source Code For this article (~ 6.33 KB ~Zip File Format)

All Rights Reserved
Copyright ©  2004 SYS-CON Media, Inc.
  E-mail: info@sys-con.com

Java and Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. SYS-CON Publications, Inc. is independent of Sun Microsystems, Inc.