1 Reply. Latest reply: Aug 3, 2012 3:37 AM by Handra

    Certificate enrollment via SunPKCS11

      Hi, my question is whether certificate enrollment is possible via the SunPKCS11 provider.

      Generating a key pair is possible and easy by using the standard KeyPairGenerator also implemented by SunPKCS11.

      Generating a PKCS10 certificate request is also possible and easy, although it entails using the sun.security package.

      At this point, one would assume that the worst is over, as the last required operation is installing the certificate received from the certification authority. Alas, the SunPKCS11 provider seems to prevent such a basic operation.
      The setCertificateEntry() method implemented by the SunPKCS11 provider, via the P11KeyStore class, just refuses to install a normal end-entity certificate -- and this is documented! Absolutely nonsensical.

      Can anyone provide hints / suggestions to overcome this frustrating problem?
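
      The three steps described in the post, as an added example that is not part of the original post and not code from the SunPKCS11 project. It stores the issued certificate with setKeyEntry(), which creates a private-key entry (key plus chain), instead of setCertificateEntry(), which creates a trusted-certificate entry. Assumptions: Java 9 or later, a token that allows the generated key to be stored as a token object, and a hypothetical class name and argument layout.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;

public class P11Enroll {
    // Assumed arguments: <pkcs11.cfg> <token PIN> <alias> <issued-cert file>
    public static void main(String[] args) throws Exception {
        // Java 9+ way to instantiate the provider from a configuration file.
        Provider p11 = Security.getProvider("SunPKCS11").configure(args[0]);
        Security.addProvider(p11);

        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, args[1].toCharArray()); // logs in to the token

        // Step 1 from the post: generate the key pair on the token.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p11);
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // Step 2 (building the PKCS#10 request and sending it to the CA) is
        // omitted. This process keeps 'pair' alive until the CA has answered
        // and the issued certificate has been written to args[3].

        // Step 3: read the issued certificate (DER or PEM).
        X509Certificate issued;
        try (InputStream in = new FileInputStream(args[3])) {
            issued = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Refuse a certificate that was issued for some other key.
        if (!Arrays.equals(issued.getPublicKey().getEncoded(),
                           pair.getPublic().getEncoded())) {
            throw new IllegalArgumentException("certificate does not match the generated key");
        }
        // Private-key entry: key handle plus chain. The password is null
        // because the token, not the keystore, protects the key.
        ks.setKeyEntry(args[2], pair.getPrivate(), null, new Certificate[] { issued });

        System.out.println("stored " + args[2] + ": isKeyEntry=" + ks.isKeyEntry(args[2]));
    }
}
```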