Certificate not importing into Keystore correctly
843811 Dec 4 2008 — edited Dec 15 2008
I'm having trouble presenting a certificate that I've traced back to the cert not importing correctly into the keystore. This issue only occurs in our old JRE 1.3 environment. When doing the same import in JRE 1.4 everything is working fine.
Here is the output from the keytool import:
1.4 ----------------------------------------------
D:\>keytool -import -file mycompany.com.der -alias myKey -keystore keystore.jks
Enter keystore password: importkey
Owner: CN=*.mycompany.com, O=MYCOMPANY, L=Paris, ST=Paris, C=FR
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 48f7f079b34bb199a8692d09df6cb0e9
Valid from: Fri Apr 25 07:08:26 CDT 2008 until: Sun Apr 25 07:08:26 CDT 2010
Certificate fingerprints:
MD5: 41:8B:D2:66:74:0B:3E:5C:E9:09:1F:55:DE:09:D8:76
SHA1: F4:9D:5A:8E:6C:ED:66:D4:14:53:C5:6D:19:BB:8F:19:FE:76:79:18
Trust this certificate? [no]: yes
Certificate was added to keystore
1.3 --------------------------------------------------
E:\>keytool -import -file mycompany.com.der -keystore keystore.jks
Enter keystore password: importkey
Owner: CN=#0C0C2A2E687562776F6F2E636F6D, O=MYCOMPANY, L=Paris, ST=Paris, C=FR
Issuer: EmailAddress=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Serial number: 48f7f079b34bb199a8692d09df6cb0e9
Valid from: Fri Apr 25 07:08:26 CDT 2008 until: Sun Apr 25 07:08:26 CDT 2010
Certificate fingerprints:
MD5: 41:8B:D2:66:74:0B:3E:5C:E9:09:1F:55:DE:09:D8:76
SHA1: F4:9D:5A:8E:6C:ED:66:D4:14:53:C5:6D:19:BB:8F:19:FE:76:79:18
Trust this certificate? [no]: yes
Certificate was added to keystore
-------------------------------------------------------------
Notice the Owner is not correct in 1.3. Does anyone have any ideas what would cause this? Is this cert using an encryption that was not supported until 1.4? Even if I use the keystore generated from 1.4 the system can't decrypt it properly when connecting to the site in 1.3.
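
Added example, not part of the original post and not keytool's own code: in the RFC 2253 string form of a distinguished name, a value written as `#` followed by hex digits is the BER/DER encoding of the attribute value, so decoding it shows which ASN.1 string type the CN was encoded with. The sample value below is constructed (the post's placeholder name `*.mycompany.com` as a UTF8String), and the function name `decode_hex_attribute` is hypothetical.

```python
# Decode an RFC 2253 "#hex" DN attribute value (hex of the DER-encoded value).
# CONSTRUCTED sample: "*.mycompany.com" as a UTF8String; not the value from the post.
SAMPLE_CN = "#0C0F2A2E6D79636F6D70616E792E636F6D"

# Universal ASN.1 string tags seen in DN attribute values, with a Python codec.
# TeletexString is decoded as latin-1 here, which is an approximation (assumption).
STRING_TAGS = {
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"),
    0x14: ("TeletexString", "latin-1"),
    0x16: ("IA5String", "ascii"),
    0x1C: ("UniversalString", "utf-32-be"),
    0x1E: ("BMPString", "utf-16-be"),
}

def decode_hex_attribute(value):
    """Return (asn1_type_name, text) for a '#'-prefixed hex DN attribute value."""
    if not value.startswith("#"):
        raise ValueError("not a #hex attribute value")
    try:
        der = bytes.fromhex(value[1:])
    except ValueError:
        raise ValueError("malformed hex string") from None
    if len(der) < 2:
        raise ValueError("truncated TLV")
    tag, first = der[0], der[1]
    if first < 0x80:                      # short-form length octet
        length, offset = first, 2
    else:                                 # long form: low 7 bits = count of length octets
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated length")
        length, offset = int.from_bytes(der[2:2 + n], "big"), 2 + n
    content = der[offset:]
    if len(content) != length:            # reject trailing or missing bytes
        raise ValueError("length octets do not match content size")
    if tag not in STRING_TAGS:
        raise ValueError("tag 0x%02X is not a known string type" % tag)
    name, codec = STRING_TAGS[tag]
    return name, content.decode(codec)

if __name__ == "__main__":
    print(decode_hex_attribute(SAMPLE_CN))
```
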