Sun Java System Web Server
fun with self-signed certificates

0. version

# wadm --version
Sun Java System Web Server 7.0 Administration Command Line B12/04/2006 07:59

platform is: Solaris 10 3/05 (x86)

1. create a self-signed certificate (type=rsa, keysize=2048, nickname=rsa2048-cert)

# wadm create-selfsigned-cert --user=myadminuser --port=8989 --config=myconfig \
--token=internal --org=filibeto.org --org-unit="Data Center" --locality=Plovdiv \
--state="Plovdiv Area" --country=BG --validity=24 --server-name=ejkobejko.hihimihi.com \
--key-type=rsa --key-size=2048 --nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'create-selfsigned-cert' ran successfully

2. list the newly created certificate

# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
rsa2048-cert

3. get the certificate properties

# wadm get-cert-prop --user=myadminuser --port=8989 --config=myconfig --token=internal \
--nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
is-self-signed=true
nickname=rsa2048-cert
subject=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
key-size=2048
is-expired=false
is-read-only=false
C=BG
expiry-date=Jan 23, 2009 4:20:14 PM
L=Plovdiv
issuer-name=ejkobejko.hihimihi.com
key-type=rsa
OU=Data Center
O=filibeto.org
fingerprint=6E:B0:56:42:1C:7C:8E:14:68:40:D8:C3:FC:2A:F5:9B
ST=Plovdiv Area
issuer=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
issue-date=Jan 23, 2007 4:20:14 PM
token=internal
has-crl=false
serial-number=00:84:F6:BC:05
is-ca-cert=false
is-user-cert=true
CN=ejkobejko.hihimihi.com

everything seems ok. let's try to create another certificate.

4. create a similar certificate, but with a different key size and nickname
(type=rsa, keysize=1024, nickname=rsa1024-cert)

# wadm create-selfsigned-cert --user=myadminuser --port=8989 --config=myconfig \
--token=internal --org=filibeto.org --org-unit="Data Center" --locality=Plovdiv \
--state="Plovdiv Area" --country=BG --validity=24 --server-name=ejkobejko.hihimihi.com \
--key-type=rsa --key-size=1024 --nickname=rsa1024-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'create-selfsigned-cert' ran successfully
# echo $?
0

5. list certificates

# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
rsa2048-cert

the newly created certificate with nickname "rsa1024-cert" is not listed.

6. get the properties of the certificate with nickname "rsa2048-cert"

# wadm get-cert-prop --user=myadminuser --port=8989 --config=myconfig \
--token=internal --nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
is-self-signed=true
nickname=rsa2048-cert
subject=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
key-size=1024
is-expired=false
is-read-only=false
C=BG
expiry-date=Jan 23, 2009 4:25:55 PM
L=Plovdiv
issuer-name=ejkobejko.hihimihi.com
key-type=rsa
OU=Data Center
O=filibeto.org
fingerprint=95:98:27:72:8E:61:E5:5F:B5:01:FC:C6:45:0F:8A:DF
ST=Plovdiv Area
issuer=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
issue-date=Jan 23, 2007 4:25:55 PM
token=internal
has-crl=false
serial-number=00:84:F6:BE:96
is-ca-cert=false
is-user-cert=true
CN=ejkobejko.hihimihi.com

how come the key-size of the first certificate we created (nickname "rsa2048-cert") is now 1024?

7. even more fun. try to delete the certificate with nickname "rsa2048-cert"

# wadm delete-cert --user=myadminuser --port=8989 --token=internal --config=myconfig rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'delete-cert' ran successfully
# echo $?
0

8. list available certificates:

# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
rsa2048-cert

even after "delete-cert" finished successfully [7], the certificate is still listed.

9. get the certificate properties

# wadm get-cert-prop --user=myadminuser --port=8989 --config=myconfig --token=internal --nickname=rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
is-self-signed=true
nickname=rsa2048-cert
subject=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
key-size=2048
is-expired=false
is-read-only=false
C=BG
expiry-date=Jan 23, 2009 4:20:14 PM
L=Plovdiv
issuer-name=ejkobejko.hihimihi.com
key-type=rsa
OU=Data Center
O=filibeto.org
fingerprint=6E:B0:56:42:1C:7C:8E:14:68:40:D8:C3:FC:2A:F5:9B
ST=Plovdiv Area
issuer=CN=ejkobejko.hihimihi.com,OU=Data Center,O=filibeto.org,L=Plovdiv,ST=Plovdiv Area,C=BG
issue-date=Jan 23, 2007 4:20:14 PM
token=internal
has-crl=false
serial-number=00:84:F6:BC:05
is-ca-cert=false
is-user-cert=true
CN=ejkobejko.hihimihi.com

now we can see key-size=2048... we got back our initially created certificate???

10. delete the certificate again

# wadm delete-cert --user=myadminuser --port=8989 --token=internal --config=myconfig rsa2048-cert
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
CLI201 Command 'delete-cert' ran successfully
# echo $?
0

11. list certificates

# wadm list-certs --user=myadminuser --port=8989 --config=myconfig
Please enter admin-user-password> <<clickety-click>>
Please enter token-pin> <<clickety-click>>
#
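
Added example (not part of the original write-up, and not Sun's code): create-selfsigned-cert and delete-cert both exit 0 in steps 4, 7 and 10, so the exit status alone says nothing about what is actually in the token. The sketch below checks captured list-certs and get-cert-prop output against what was requested; the function names prop, has_nick and check_cert are made up for this example, and the sample data is abridged from steps 3, 5 and 6 above.

```sh
#!/bin/sh
# prop KEY: read "key=value" lines on stdin, print the value of KEY.
prop() {
    sed -n "s/^$1=//p" | head -n 1
}

# has_nick LIST NICKNAME: succeed if NICKNAME is a whole line of list-certs output.
has_nick() {
    printf '%s\n' "$1" | grep -Fqx -- "$2"
}

# check_cert PROPS NICKNAME KEYSIZE [FINGERPRINT]
# PROPS is captured get-cert-prop output. Prints each mismatch and returns
# non-zero if the certificate behind NICKNAME is not the one expected.
check_cert() {
    props=$1 rc=0
    got_nick=$(printf '%s\n' "$props" | prop nickname)
    got_size=$(printf '%s\n' "$props" | prop key-size)
    got_fp=$(printf '%s\n' "$props" | prop fingerprint)
    [ "$got_nick" = "$2" ] || { echo "nickname: want $2, got $got_nick"; rc=1; }
    [ "$got_size" = "$3" ] || { echo "key-size: want $3, got $got_size"; rc=1; }
    if [ -n "$4" ] && [ "$got_fp" != "$4" ]; then
        echo "fingerprint changed: was $4, now $got_fp"; rc=1
    fi
    return $rc
}

# Sample data, abridged from the output shown in steps 3, 6 and 5.
STEP3='nickname=rsa2048-cert
key-size=2048
fingerprint=6E:B0:56:42:1C:7C:8E:14:68:40:D8:C3:FC:2A:F5:9B'
STEP6='nickname=rsa2048-cert
key-size=1024
fingerprint=95:98:27:72:8E:61:E5:5F:B5:01:FC:C6:45:0F:8A:DF'
LIST5='rsa2048-cert'

# Demo: step 3 matches the request; steps 5 and 6 do not.
FP1=$(printf '%s\n' "$STEP3" | prop fingerprint)
check_cert "$STEP3" rsa2048-cert 2048 && echo "step 3: ok"
has_nick "$LIST5" rsa1024-cert || echo "step 5: rsa1024-cert missing from list-certs"
check_cert "$STEP6" rsa2048-cert 2048 "$FP1" \
    || echo "step 6: rsa2048-cert no longer points at the certificate from step 1"
```

In real use, record the fingerprint right after each create-selfsigned-cert and feed fresh get-cert-prop output to check_cert after every later create or delete.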

Stoyan Angelov
filibeto.org

09 February 2007 03:39:16 PM +0200