keytool, pkcs11 and certificare request and signed certificate
843811Apr 29 2005 — edited Apr 29 2005My problem is
"HOW CAN I IMPORT BACK ON THE TOKEN (to update) the certificate on the token ??
it gives me errrors..
let's explain better:
I did these steps:
1) I generate a keypair on the usb token
"keytool -genkey -alias lapo -keystore NONE -storetype PKCS11 -keyalg
"RSA" -validity 365"
it works.
2) I make a request certificate to sign it by a CA, so it exports a csr-file on disk
"keytool -certreq -alias lapo -keystore NONE -storetype PKCS11 -file
lapo_certreq.csr"
it works.
3) I give the file to the CA, CA signs with openssl, and generates the file
lapo_cert.cer
perfect. certificates are ok.
4) then I would like to import the signed certificate on PKCS11 keystore to
update it.... but it needs the root CA certificate in the PKCS11 Keystor to
rebuild the chain.. in fact it says:
"keytool -import -alias lapo -keystore NONE -storetype PKCS11 -file
lapo_cert.cer "
java error "impossibile stabilire la catena dalla risposta"
so first I try to import the CA certificate but it says error again
"keytool -import -alias root -keystore NONE -storetype PKCS11 -file
cacert.cer "
"trusted certificates may only be set by token initialization application"
I tried with many different model of usb token... same errors...
why ?!?!?
thanks in advance for helping me.
Lapo