[ale] Certificate Signing

Thu Jan 16 22:11:33 EST 2003

On Thu, Jan 16, 2003 at 11:36:20PM +0000, cfowler wrote:
> We have a software package that ahs the file 'stunnel.pem' on it.  I generated
> this certificate then placed it in the software package.  The embedded device
> has *no* capablity to generate certificates.  So the *same* stunnel.pem file
> is distributed among 1000 units.  If you used cat on unit one and cat on unit
> 1000 they would look the same.  How do I sign this file so that Java and my
> web browser do not complain when they connect?

You have to pay a CA like Verisign or Thawte to sign it for you.  It's
been several years since I've needed a certificate signed, but it would
run about $100 a few years ago, not sure what it costs now.

You can, of course, tell your browser to stop complaining, but you have
to do that for each client.

As for Java, I assume you are using JSSE?  You can use keytool (comes
with JDK, but not JRE) to import your certificate and tell java to trust
it.  Just import the certificate into a file called jssecacerts and put
that file in your jre/lib/security directory.  Even then, you will still
have to do a little coding to make JSSE behave.  I can send you a
snippet later if it will help.

Jason
-- 
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net

"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale