4 Replies. Latest reply: Feb 26, 2011 10:21 AM by 731451

SSL Certificate on Sunone 6.1

731451 Newbie
I was trying to generate a CSR for 2048 encryption for one of our Sun One webservers, version 6.1. I would like to know if I have followed the right steps.

1) I have created a new trust database and got a new cert8.db (this was the same size as the old one) and key3.db.
2) Generated the CSR with 2048 encryption using certutil and submitted the CSR, and I have received the SSL cert from the CA.

I happened to go to the console and check the existing cert, and for some reason I wasn't able to see it any more. This started making me worry, as I had seen it a day before I generated the CSR. Can someone let me know if you have any idea why I'm not seeing the cert any more?

I have to install the new SSL cert we got on the webserver. This is in Production, so I wanted to make sure the steps I followed were right and I did not make any mistakes. Technically I don't see anything wrong, but since this is my first time doing this, and also in Prod, I wanted some feedback.

In the first step I mentioned above, I guess I didn't have to create a new trust db, but for some reason I did it... and I hope that should not cause any issues, as I have used the new trust db to create the CSR.

I would appreciate it if anyone can throw some light on this for me.
  • 1. Re: SSL Certificate on Sunone 6.1
    handat Expert
    Well, you did generate a new certdb, so your existing certdb, where your existing cert was, is gone. Hence you cannot see your old cert anymore.
    What you want to make sure of is that your private key is in your current certdb, because you will need it to be there when you import the certificate you get from the CA. Use certutil with the -K option to view your private key. If it is there, then there is nothing to be worried about, but if it is missing, then the certificate you get from your CA will be useless and you had better generate a new CSR.
  • 2. Re: SSL Certificate on Sunone 6.1
    731451 Newbie
    Thanks for your reply.

    How can I make sure that the private key is in my current certdb when I create a new cert db?
    certutil -K is giving me "certutil: function failed: security library: bad database".

    Surprisingly, I was able to install the cert I got using the steps I mentioned in my previous post.
    I had one warning come up saying: server cert nickname not matching with the cert subject name.
  • 3. Re: SSL Certificate on Sunone 6.1
    handat Expert
    winterbreeze wrote:
    > Thanks for your reply.
    >
    > How can I make sure that the private key is in my current certdb when I create a new cert db?
    > certutil -K is giving me "certutil: function failed: security library: bad database".

    You will need to add the -d option and specify where the location of your certdb is.

    > Surprisingly, I was able to install the cert I got using the steps I mentioned in my previous post.
    > I had one warning come up saying: server cert nickname not matching with the cert subject name.

    That's probably because the subject name you provided when you generated the CSR is different from the hostname that your web server is returning.
  • 4. Re: SSL Certificate on Sunone 6.1
    731451 Newbie
    "you will need to add the -d option and specify where the location of your certdb is."

    I can't give the location of the old cert db as I created a new cert db, so I had to give the new cert db location with the -d option when I created the CSR.
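
Added example (not part of the thread, and not Sun or NSS project code): a POSIX shell pre-flight for the checks discussed above. It confirms that cert8.db and key3.db are where `certutil -d` is pointed, copies them aside before any change, and lists the private keys with `certutil -K`. The directory argument, the optional file-name prefix passed with `-P`, the function names, and a certutil build that reads cert8.db/key3.db are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for an NSS database (cert8.db + key3.db)
# before importing a CA-issued certificate. DIR and PREFIX are placeholders.

# nss_db_files DIR [PREFIX]: 0 if both files exist, 2 otherwise.
# certutil typically reports "bad database" when -d (or -P) does not lead
# to these files.
nss_db_files() {
    for f in cert8.db key3.db; do
        if [ ! -f "$1/${2:-}$f" ]; then
            echo "missing: $1/${2:-}$f" >&2
            return 2
        fi
    done
    return 0
}

# nss_db_backup DIR [PREFIX]: copy both files aside, print the backup path.
# The private key matching a pending CSR exists only in key3.db, so take
# this copy before creating or replacing a database.
nss_db_backup() {
    nss_db_files "$1" "${2:-}" || return 2
    bak="$1/backup.$(date +%Y%m%d%H%M%S)"
    mkdir "$bak" || return 1
    cp -p "$1/${2:-}cert8.db" "$1/${2:-}key3.db" "$bak/" || return 1
    echo "$bak"
}

# nss_db_list_keys DIR [PREFIX]: list private keys, then certificates.
# Returns 2 if the files are missing, 3 if certutil is not installed,
# otherwise certutil's exit status. certutil may prompt for the DB password.
nss_db_list_keys() {
    nss_db_files "$1" "${2:-}" || return 2
    command -v certutil >/dev/null 2>&1 || return 3
    certutil -K -d "$1" ${2:+-P "$2"} || return $?
    certutil -L -d "$1" ${2:+-P "$2"}
}

# Usage (paths are placeholders):
#   nss_db_backup /path/to/alias https-instance-host-
#   nss_db_list_keys /path/to/alias https-instance-host-
```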
