X509 certificates

From: ap70 (ap70_at_discussions.microsoft.com)
Date: 06/24/05 

Date: Fri, 24 Jun 2005 09:23:11 -0700

Hi there,

How do i create X509 certificates for server authentication. I want to use
JNDI API to access data from AD using SSL. Here is my scenario.

1. Win 2003 box on a private domain 'mydomain.net'.
2. Active directory domain controller is obviously has
FQDN=<myhost>.mydomain.net
3. My certification authority is set up with enterprise root as
'my-enterprise (i tried standalone CA also).
4. I followed the steps on
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051#XSLTH3154121122120121120120
 but my client can not trust the certificate. It throws an exception -
"javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: Could not find trusted certificate"
5. My client is on the same machine.
6. i am using 'keytool' to import the certifcate into my JRE's cert store.

Any help will be appreciated.

Thanks
Anup

Relevant Pages

  • Re: Cannot request computer certificate.
    ... >problem since you can not request a certificate while logged onto the CA. ... Verify that you can ping it by name and IP address from the client ... >> Kerberos, or dns. ... >> List of NetBt transports currently bound to the Redir ...
    (microsoft.public.windows.server.security)
  • Re: The message must contain a wsa:To header
    ... My client app is not generating a trace file. ... the client is not applying the WSE policy at all because of an ... at ApplicationMessagingWS.Dispatch(String messageType, String ... look for a certificate with this subject name in the certificate store ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: L2TP/IPSec from XP client to Windows 2003 Server
    ... ie no valid cert found on client - contacted Microsoft ... Windows Server 2003 Certificate Authority running ... The next step is to install Certificate Services on the Windows Server ... From Networks Connections on the client, ...
    (microsoft.public.security)
  • Re: Cannot request computer certificate.
    ... I would verify that the certificate services service is running and set to ... Verify that you can ping it by name and IP address from the client ... > Kerberos, or dns. ... > List of NetBt transports currently bound to the Redir ...
    (microsoft.public.windows.server.security)
  • SNA 3270 to IP TN3270 Conversion =?ISO-8859-1?Q?=96?= Data Stream Encryption
    ... asked them on their thoughts regarding data stream encryption, ... which means that all data is encrypted before it is sent to the client. ... certificate and the keys from three different places: ... SSL client authentication provides additional authentication and access ...
    (bit.listserv.ibm-main)