This discussion is archived
1 Reply Latest reply: Aug 3, 2012 1:37 AM by Handra RSS

Certificate enrollment via SunPKCS11

user10645231 Newbie
Currently Being Moderated
Hi, my question is whether certificate enrollment is possible via the SunPKCS11 provider.

Generating a key pair is possible and easy by using the standard KeyPairGenerator also implemented by SunPKCS11.

Generating a PKCS10 certificate request is also possible and easy, although it entails using the package.

At this point, one would assume that the worst is over, as the last required operation is installing the certificate received from the certification authority. Alas, the SunPKCS11 provider seems to prevent such a basic operation.
The setCertificateEntry() method implemented by the SunPKCS11 provider, via the P11KeyStore class, just refuses to install a normal end-entity certificate -- and this is documented! Absolutely nonsensical.

Can anyone provide hints / suggestions to overcome this frustrating problem?


  • Correct Answers - 10 points
  • Helpful Answers - 5 points