Getting a CA-signed certificate. . . Futility

Frank Yellin (fy@awe181-20.Sun.COM)
Sun, 14 Mar 1999 22:02:53 -0800

Date: Sun, 14 Mar 1999 22:02:53 -0800
Message-Id: <199903150602.WAA00537@awe181-20.>
From: Frank Yellin <fy@awe181-20.Sun.COM>
To: java-security@java.sun.com
Subject: Getting a CA-signed certificate. . . Futility

I just realized that until such time as one of the following three
things happens:

  - keytool takes a -provider argument
  - java looks for the list of providers somewhere other than
    the one standard jre/lib/security/java.security file
  - I download and install my own copy of jdk1.2 instead of using
    the one on /usr/local/java/jdk1.2

There is no way that I can possibly get a signed certificate into my
keytool.

When I try to import the "root certificate" from www.thawte.com (not to
be used in a production environment!), I get

    pan:~/cs255/project[43] keytool -import -file th.cert
    keytool error: Signature not available

Huh? I'm hoping this means that whatever signature is in the file
passed to me isn't one of the standard ones provided by the normal
provider.

When I try to import their signed certificate, without first importing
their certificate:

    pan:~/cs255/project[46] keytool -import -file signedcert.result
    keytool error: Input not an X.509 certificate

Yet -printcert has no problem . . . . . Some error message somewhere is
lying badly!

    keytool -printcert -file signedcert.result
    Certificate[1]:
    Owner: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Serial number: 0
    Valid from: Wed Jul 31 17:00:00 PDT 1996 until: Thu Dec 31 13:59:59 PST 2020
    Certificate fingerprints:
        MD5: 5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
        SHA1: 39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA

    Certificate[2]:
    Owner: CN=Frank Yellin, OU=Consumer and Embedded, O=Sun Microsystems, L=Palo Alto, ST=CA, C=US
    Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
    Serial number: 6a4571
    Valid from: Sun Mar 14 21:36:31 PST 1999 until: Wed Apr 14 22:36:31 PDT 1999
    Certificate fingerprints:
        MD5: D8:49:41:F1:31:61:89:1F:50:7A:16:D8:73:BD:15:53
        SHA1: 7F:11:E2:23:35:B1:80:31:B2:31:C4:73:68:F5:26:EA:8D:D1:34:8B

Enough. My need for the CA-signed certificate has passed.

I didn't realize it would be this time-consuming or I would have quit a
while ago.

== Frank
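
Added example, not part of the original message or of the JDK: one way to test the guess in the message that the certificate's signature algorithm is not offered by any installed provider. The class name `SigAlgCheck` is hypothetical, the code uses the current `java.security` API rather than the JDK 1.2 one, and the certificate file to inspect is passed as the only argument.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Hypothetical diagnostic class (added example): for every certificate in a
// file, report the signature algorithm and which installed providers offer it.
public class SigAlgCheck {

    // Names of installed providers that implement Signature.<algorithm>.
    static List<String> providersFor(String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            // getService matches the provider's registered aliases as well as names
            if (p.getService("Signature", algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java SigAlgCheck <certificate-file>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(args[0])) {
            // generateCertificates accepts one or more X.509 certificates or a
            // PKCS#7 chain, so a multi-certificate CA reply is covered.
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                String alg = x.getSigAlgName();
                List<String> providers = providersFor(alg);
                System.out.println("Owner:  " + x.getSubjectX500Principal());
                System.out.println("Issuer: " + x.getIssuerX500Principal());
                System.out.println("  signature algorithm: " + alg);
                System.out.println("  offered by: " + (providers.isEmpty()
                        ? "no installed provider (signature cannot be verified)"
                        : String.join(", ", providers)));
            }
        }
    }
}
```

If a certificate reports no provider for its algorithm, a provider that implements it has to be installed (in `java.security` or with `Security.addProvider`) before the signature can be verified.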