Hi all,

I just started to play with certificates things, and I got stuck doing
the first steps that any tutorial has. I'm running on a linux RH9 with
JDK 1.4.2_08 if that matters.

So I edited the openssl.cnf with some personal details, then I created a
CA with:
# ./CA -newca

then I create a request and I sign it:
# ./CA -newreq
# ./CA -sign

Shouldn't be that difficult.
However the generated server certificate newcert.pem cannot be imported
by any version of keytool (from JDK 1.4 or 5, on linux or windows)
because it always gives me:
# keytool -import -file newcert.pem -keystore mynewstore.ks
java.security.SignatureException: Signature does not match.

(I already edited the .pem to get out the lines before BEGIN as it was
not a X509 before) So I'm just unable to use keytool to add it to a
repository. I can print it with -princert though (if that matters)

The certificate must be good, I configured OpenLDAP to use it and accept
only secure connections, and I'm able to import and connect securely
with JXplorer _with that server certificate_. With another certificate
I'm not able, so OpenLDAP IS checking the certificates. However, keytool
doesn't like it.

What am I doing wrong with keytool then? I also added the cacert.pem to
the java cacerts files and the -trustcacerts switch to keytool, nothing
changed.

Thanks a lot,
S