Environment:
JBoss-4.2.1.GA
Java 1.5.0_11
OpenSSL 0.9.8g
Is there a way to set Netscape Cert Type property to SSL Client while exporting it to
PKCS12 certificate using OpenSSL?
I created a client certificate using the following steps:
a. Generated key pair using Keytool
b. Generated CSR and got it signed by the CA (Verisign)
c. Imported signed certificate and all Root + Intermediate authorities in client
keystore for proper certificate chaining
d Exported private key from the keystore
e. Used OpenSSL command to export pkcs12 certificate:
openssl pkcs12 - export -out client.p12 -inkey client.pem -in client.cer - passout
pass:*********
This certificate gets installed in both IE and Firefox successfully, however the Netscape
Cert Type attribute shows: SSL Server Authentication This causes the following exception
on the server side (Sun JVM) when passed through the browser:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape
cert type does not permit use for SSL client
When I used a another pkcs12 certificate generated by IIS, that worked fine as its
Netscape Cert Type attribute was set correctly to SSL Client.
I came across nscerttype attribute but it seems it's only applicable to openssl
commands: ca, req and x509.
TIA
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4139734#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...