Sun Java System Web Server
fun with self-signed certificates
0. version
# wadm --version
Sun Java System Web Server 7.0 Administration Command Line B12/04/2006 07:59
platform is: Solaris 10 3/05 (x86)
1. create a self-signed certificate (type=rsa, keysize=2048, nickname=rsa2048-cert)
# wadm create-selfsigned-cert --user=myadminuser --port=8989 --config=myconfig \
--token=internal --org=filibeto.org --org-unit="Data Center" --locality=Plovdiv \
--state="Plovdiv Area" --country=BG --validity=24 --server-name=ejkobejko.hihimihi.com \
--key-type=rsa --key-size=2048 --nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'create-selfsigned-cert' ran successfully
2. list the newly created certificate
# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
rsa2048-cert
3. get the certificate properties
# wadm get-cert-prop --user=myadminuser --port=8989 --config=myconfig --token=internal \
--nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
is-self-signed=true
nickname=rsa2048-cert
subject=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
key-size=2048
is-expired=false
is-read-only=false
C=BG
expiry-date=Jan 23, 2009 4:20:14 PM
L=Plovdiv
issuer-name=ejkobejko.hihimihi.com
key-type=rsa
OU=Data Center
O=filibeto.org
fingerprint=6E:B0:56:42:1C:7C:8E:14:68:40:D8:C3:FC:2A:F5:9B
ST=Plovdiv Area
issuer=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
issue-date=Jan 23, 2007 4:20:14 PM
token=internal
has-crl=false
serial-number=00:84:F6:BC:05
is-ca-cert=false
is-user-cert=true
CN=ejkobejko.hihimihi.com
everything seems ok. let's try to create another certificate.
4. creating a similar certificate but with a different keysize and nickname (type=rsa, keysize=1024, nickname=rsa1024-cert)
# wadm create-selfsigned-cert --user=myadminuser --port=8989 --config=myconfig \
--token=internal --org=filibeto.org --org-unit="Data Center" --locality=Plovdiv \
--state="Plovdiv Area" --country=BG --validity=24 --server-name=ejkobejko.hihimihi.com \
--key-type=rsa --key-size=1024 --nickname=rsa1024-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'create-selfsigned-cert' ran successfully
# echo $?
0
5. list certificates
# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
rsa2048-cert
the newly created certificate with nickname "rsa1024-cert" is not listed
6. get the properties of the certificate with nickname "rsa2048-cert"
# wadm get-cert-prop --user=myadminuser --port=8989 --config=myconfig \
--token=internal --nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
is-self-signed=true
nickname=rsa2048-cert
subject=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
key-size=1024
is-expired=false
is-read-only=false
C=BG
expiry-date=Jan 23, 2009 4:25:55 PM
L=Plovdiv
issuer-name=ejkobejko.hihimihi.com
key-type=rsa
OU=Data Center
O=filibeto.org
fingerprint=95:98:27:72:8E:61:E5:5F:B5:01:FC:C6:45:0F:8A:DF
ST=Plovdiv Area
issuer=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
issue-date=Jan 23, 2007 4:25:55 PM
token=internal
has-crl=false
serial-number=00:84:F6:BE:96
is-ca-cert=false
is-user-cert=true
CN=ejkobejko.hihimihi.com
how come the key-size of the first certificate we created with nickname "rsa2048-cert" is 1024?
7. even more fun. try to delete the certificate with nickname "rsa2048-cert"
# wadm delete-cert --user=myadminuser --port=8989 --token=internal --config=myconfig rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'delete-cert' ran successfully
# echo $?
0
8. list available certificates:
# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
rsa2048-cert
even after "delete-cert" finished successfully [7] the certificate is still listed.
9. get the certificate properties
# wadm get-cert-prop --user=myadminuser --port=8989 --config=myconfig --token=internal --nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
is-self-signed=true
nickname=rsa2048-cert
subject=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
key-size=2048
is-expired=false
is-read-only=false
C=BG
expiry-date=Jan 23, 2009 4:20:14 PM
L=Plovdiv
issuer-name=ejkobejko.hihimihi.com
key-type=rsa
OU=Data Center
O=filibeto.org
fingerprint=6E:B0:56:42:1C:7C:8E:14:68:40:D8:C3:FC:2A:F5:9B
ST=Plovdiv Area
issuer=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
issue-date=Jan 23, 2007 4:20:14 PM
token=internal
has-crl=false
serial-number=00:84:F6:BC:05
is-ca-cert=false
is-user-cert=true
CN=ejkobejko.hihimihi.com
now we can see key-size=2048... we got back our initially created certificate???
10. delete the certificate again
# wadm delete-cert --user=myadminuser --port=8989 --token=internal --config=myconfig rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'delete-cert' ran successfully
# echo $?
0
11. list certificates
# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
#
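A check for the behaviour shown in steps 4 to 9, as an added example that is not part of the original post: it judges a create or delete by the captured list-certs and get-cert-prop output instead of the CLI201 message or the exit status. The function names prop, check_created and drift are hypothetical; the sample values are abridged from the output of steps 3, 5 and 6 above.

```shell
#!/bin/sh
# Added example: works on captured wadm output, does not call wadm itself.

# prop KEY: print the value of KEY from get-cert-prop output (key=value) on stdin.
prop() {
    awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); print; exit }'
}

# check_created NICK SIZE LIST PROPS: succeed only if NICK appears in the
# list-certs output and its get-cert-prop output shows the requested key size.
check_created() {
    nick=$1 size=$2 list=$3 props=$4
    printf '%s\n' "$list" | grep -qxF "$nick" || { echo "MISSING $nick"; return 1; }
    got=$(printf '%s\n' "$props" | prop key-size)
    [ "$got" = "$size" ] || { echo "MISMATCH $nick key-size=$got want=$size"; return 1; }
    echo "OK $nick"
}

# drift BEFORE AFTER: print the identity fields that changed between two
# get-cert-prop snapshots taken for the same nickname.
drift() {
    for k in key-size fingerprint serial-number issue-date; do
        a=$(printf '%s\n' "$1" | prop "$k")
        b=$(printf '%s\n' "$2" | prop "$k")
        [ "$a" = "$b" ] || echo "$k: $a -> $b"
    done
}

# Abridged from the page: get-cert-prop at step 3 and step 6, list-certs at step 5.
STEP3='nickname=rsa2048-cert
key-size=2048
fingerprint=6E:B0:56:42:1C:7C:8E:14:68:40:D8:C3:FC:2A:F5:9B
issue-date=Jan 23, 2007 4:20:14 PM
serial-number=00:84:F6:BC:05'
STEP6='nickname=rsa2048-cert
key-size=1024
fingerprint=95:98:27:72:8E:61:E5:5F:B5:01:FC:C6:45:0F:8A:DF
issue-date=Jan 23, 2007 4:25:55 PM
serial-number=00:84:F6:BE:96'
LIST5='rsa2048-cert'

check_created rsa1024-cert 1024 "$LIST5" "$STEP6" || true  # step 4 cert never listed
check_created rsa2048-cert 2048 "$LIST5" "$STEP6" || true  # nickname now has a 1024-bit key
drift "$STEP3" "$STEP6"                                    # all four fields changed
```

Taking a get-cert-prop snapshot before and after every create-selfsigned-cert or delete-cert and comparing fingerprint and serial-number catches a nickname that silently resolves to a different certificate.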
Stoyan Angelov
filibeto.org
09 February 2007 03:39:16 PM +0200