IRC log for #openam, 2014-01-24

All times shown according to UTC.

Time Nick Message
23:35 bthalmayr joined #openam
06:47 Wusel_ joined #openam
07:32 Wusel_ joined #openam
08:54 aldaris joined #openam
10:16 aldaris joined #openam
10:51 aldaris joined #openam
11:30 aldaris joined #openam
11:49 aldaris Good Friday morning
11:53 balo TGIF
11:54 aldaris indeed
11:59 MegaMatt joined #openam
12:36 bthalmayr joined #openam
13:58 pdurbin joined #openam
14:56 balo hm... it seems I can't import a ca to a truststore because it isn't protected with a password
14:57 balo I can open it with portecle but keytool needs a password
14:57 balo btw I'm trying to import a ca into ~/.java/deployment/security/trusted.cacerts so it's not possible to set a password
15:02 MegaMatt Hmm? Those files usually come with a default password
15:02 MegaMatt like changeit
15:03 balo MegaMatt: already tried it and didn't work :(
15:04 MegaMatt on a mac?
15:04 MegaMatt mac is changeme
15:04 balo linux
15:04 balo i tried changeme too but no luck
15:05 balo the password of the java lib security truststore is indeed "changeit"
15:06 balo but it's not the case with .java/deployment/security/trusted.cacerts
15:07 MegaMatt Isn't the default just called cacerts?
15:08 MegaMatt The Root Certificate Authority certificate stores mentioned above are the union of the certificate stores in the files pointed to by the properties: deployment.user.security.cacerts and deployment.system.security.cacerts. By default deployment.system.security.cacerts points to the cacerts file in the jre/lib/security directory. deployment.user.security.cacerts points to a file that contains any additional cacerts imported into it using the
15:08 MegaMatt Certificates dialog in the Security tab of the Java Control Panel.
15:08 balo yeah, it works from the gui. but I'd like to import a signing ca with command line :D
15:09 MegaMatt Did you change the deployment.system.security.trusted.certs to point to that store?
15:10 MegaMatt I'm sorry, that would be the user.security not system.security
15:13 balo imho it's not necessary. it points to that file by default. when i import a cert from the control panel it puts the cert into that file and my app works as expected.
15:13 balo the problem is, I can't import into that store from the command line
15:14 MegaMatt I thought by default it was just named cacerts, not trusted.cacerts
15:14 MegaMatt so was wondering if you created trusted.cacerts and changed to that
15:14 MegaMatt which wouldn't have the default password ... necessarily
15:14 balo nope. trusted.cacerts is in the home of the user
15:14 balo it's the 'user' cert store
15:15 balo indeed, in the java installation there is a keystore named cacerts.
15:16 MegaMatt You're right, they don't specify the file name in the document
15:16 MegaMatt http://docs.oracle.com/javase/7/docs/technotes/guides/deployment/deployment-guide/security.html
15:16 MegaMatt it just says "a file"
15:16 MegaMatt I assumed it was called cacerts again, not trusted.cacerts
15:18 MegaMatt can you do a list on it?
15:19 MegaMatt keytool -list -v -keystore ~/.java/deployment/security/trusted.cacerts
15:19 balo yep, it just throws a warning : "The integrity of the information stored in your keystore has NOT been verified!  In order to verify its integrity, you must provide your keystore password."
15:19 balo but it lists my previously added cert
15:19 balo (it's empty by default)
15:20 MegaMatt Hmm.. I can't believe it doesn't have the default password ... by default anyhow
15:20 MegaMatt but it's entirely possible
15:21 MegaMatt I suppose you could always just import it into the system wide cacerts? ;)
15:21 MegaMatt hehe
15:21 balo it's strange, i can edit, save and list the certs with portecle without giving a password
15:21 MegaMatt Oh, I have no idea what portecle does or doesn't do.. keytool should work though
15:22 balo maybe i can but it wouldn't be nice :(
15:22 MegaMatt Does it add with the default pw using keytool?
15:23 balo we are planning to use openjdk from the repository, it has the startssl root ca. oracle java doesn't
15:25 balo no, if i give changeit password to keytool it says "keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect"
15:25 balo i can only list this store with keytool
15:25 MegaMatt So somebody messed with the password on that keystore ;)
15:26 MegaMatt That's my guess
15:26 MegaMatt hehe
15:26 balo yeah, one can name it oracle :D
15:27 balo lololol
15:27 balo -storepass ""
15:27 balo and it works omg
15:27 balo ofc i tried to give it when it asked for the pass
15:27 MegaMatt hum so it was no password, but you need to specify a no password.. ok ;)
15:28 balo i found the solution here: http://certificate.fyicenter.com/124_Java_VM_Adding_Trusted_Certificates_for_Java_on_Windows.html
15:28 MegaMatt nice find
15:28 balo anyway, thanks for the help :)
15:29 balo i had to share my frustration with somebody, sorry it was you :D
15:29 MegaMatt I don't mind ;)
15:33 roysjosh joined #openam
16:04 Wusel_ joined #openam
17:29 MegaMatt Interesting read: http://thehackerblog.com/samsung-com-account-takeover-vulnerability-write-up/
18:06 balo :D
18:32 Wusel_ joined #openam
18:34 tsmalmbe joined #openam
21:04 Wusel_ joined #openam
22:39 Wusel_ joined #openam