Introduction

The Intershop 7 Apache web server is delivered with a dummy SSL certificate ("snakeoil" certificate / mod_ssl generated test server certificate). This SSL certificate is as invalid as possible:

Certificate subject does not match the requested host name
Certificate has expired
Certificate is not signed by a trusted certification authority (CA)

The certificate still allows traffic to be encrypted, but cannot be used to verify the identity of the remote server (by design).

The original certificate has the following attributes:

Field	Value
Version	V3
Serial number	06
Signature algorithm	md5RSA
Signature hash algorithm	md5
Issuer	C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=Snake Oil CA/emailAddress=ca@snakeoil.dom
Valid from	Aug 1 09:04:08 2002 GMT
Valid to	Aug 1 09:04:08 2003 GMT
Subject	C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Webserver Team, CN=www.snakeoil.dom/emailAddress=www@snakeoil.dom
Public key	RSA (1024 Bits): `30 81 89 02 81 81 00 d1 ea 39 c5 f7 98 04 f0 bd b4 21 e8 92 94 80 41 00 c7 a4 62 8d 7e 79 31 80 26 38 33 b5 f8 fd db 03 90 66 d6 4e c8 e7 d6 ae b7 ce f1 e4 4c f4 c9 d6 57 fc d0 46 1d 4d ea 1f 59 63 fb 54 03 94 e1 eb bd 8a f5 69 bf 7e 3f d1 3c 20 a5 46 93 74 25 e4 4e 54 b4 45 51 f3 7d 60 b3 77 63 42 26 b5 3e c9 16 17 17 de 02 9d 3b 5c f1 84 d0 84 d7 fc 95 8a 6f 5d 2a 44 8e fc 00 2a e8 b4 a8 bb fe 30 b9 02 03 01 00 01`
Subject Alternative Name	RFC822 Name=www@snakeoil.dom
Netscape Comment	mod_ssl generated test server certificate
Netscape Cert Type	SSL Server Authentication (40)
Thumbprint algorithm	sha1
Thumbprint	‎`63 a7 d1 3c 97 f8 32 d9 f3 4d c5 8f 9c 77 bc 5a 39 b3 90 30`

It was necessary to regenerate the dummy certificate because the signature hash algorithm (MD5) was disabled by a JDK update (considered insecure).

Step-by-Step Guide

The following steps are required to recreate the dummy SSL certificate (as close to the original certificate as possible). The commands have been tested on Windows; similar commands should work on Unix platforms as well.

The following list provide a quick overview of the steps required:

Install OpenSSL.
Copy openssl.cnf to httpd\conf.
Use this guide and use the local hostname for CN (Common Name) or the server name.
Import the certificate in the Java Keystore.
Restart the Apache.

For more use this detailed guide.

Open a developer shell; change to directory %IS_HOME%\httpd:
```
> cd /D %IS_HOME%\httpd
```

Create the certification authority directory structure, and initialize the index and serial files:

> mkdir demoCA\certs demoCA\crl demoCA\newcerts demoCA\private
> type NUL > demoCA\index.txt
> echo 07 > demoCA\serial

Adjust the conf\openssl.cnf settings (only changed properties listed):

[ usr_cert ]
# basicConstraints=CA:FALSE
# subjectKeyIdentifier=hash
# authorityKeyIdentifier=keyid,issuer
subjectAltName = email:copy
nsComment      = "mod_ssl generated test server certificate"
nsCertType     = server

Create the certification authority key and certificate:

> set OPENSSL_CONF=%IS_HOME%\httpd\conf\openssl.cnf
> bin\openssl req -new -x509 -extensions v3_ca -newkey rsa:4096 -keyout demoCA\private\cakey.pem -out demoCA\cacert.pem -days 3650
    Generating a 4096 bit RSA private key
    .........................................................++
    .......................................................................................................................................................++
    writing new private key to 'demoCA\private\cakey.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:XY
    State or Province Name (full name) [Some-State]:Snake Desert
    Locality Name (eg, city) []:Snake Town
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Snake Oil, Ltd
    Organizational Unit Name (eg, section) []:Certificate Authority
    Common Name (e.g. server FQDN or YOUR name) []:localhost
    Email Address []:ca@snakeoil.dom

Create a private key and a certificate signing request:

> bin\openssl req -new -nodes -newkey rsa:2048 -keyout conf\server.key -out server.csr -days 365
    Generating a 2048 bit RSA private key
    .................................+++
    .....+++
    writing new private key to 'conf\server.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:XY
    State or Province Name (full name) [Some-State]:Snake Desert
    Locality Name (eg, city) []:Snake Town
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Snake Oil, Ltd
    Organizational Unit Name (eg, section) []:Webserver Team
    Common Name (e.g. server FQDN or YOUR name) []:localhost
    Email Address []:www@snakeoil.dom

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Sign the request using the certification authority:

> bin\openssl ca -policy policy_anything -out conf\server.crt -in server.csr -startdate 020801090408Z -enddate 030801090408Z
    Using configuration from D:\Projects\Engineering\intershop-trunk\server\local\httpd\conf\openssl.cnf
    Enter pass phrase for ./demoCA/private/cakey.pem:
    Check that the request matches the signature
    Signature ok
    Certificate Details:
            Serial Number: 7 (0x7)
            Validity
                Not Before: Aug  1 09:04:08 2002
                Not After : Aug  1 09:04:08 2003
            Subject:
                countryName               = XY
                stateOrProvinceName       = Snake Desert
                localityName              = Snake Town
                organizationName          = Snake Oil, Ltd
                organizationalUnitName    = Webserver Team
                commonName                = localhost
                emailAddress              = www@snakeoil.dom
            X509v3 extensions:
                X509v3 Subject Alternative Name:
                    email:www@snakeoil.dom
                Netscape Comment:
                    mod_ssl generated test server certificate
                Netscape Cert Type:
                    SSL Server
    Certificate is to be certified until Aug  1 09:04:08 2003 (-4644 days)
    Sign the certificate? [y/n]:y


    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

The newly created certificate has the following attributes:

Field	Value
Version	V3
Serial number	‎07
Signature algorithm	sha256RSA
Signature hash algorithm	sha256
Issuer	C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=localhost/emailAddress=ca@snakeoil.dom
Valid from	Aug 1 09:04:08 2002
Valid to	Aug 1 09:04:08 2003
Subject	C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Webserver Team, CN=localhost/emailAddress=www@snakeoil.dom
Public key	RSA (2048 Bits): 30 82 01 0a 02 82 01 01 00 aa 8e d0 e6 90 79 18 56 48 39 cd 47 17 af 35 43 61 9d d8 c6 f8 dd f6 7e cd f0 05 7a c6 4c ff 11 22 d8 e8 6f b9 58 54 53 6e 2b a6 ad 10 c6 03 29 3a 29 04 45 d4 9d 1f 5a ca bb 3f 88 fe 2c a9 08 22 9e 3f b0 5e 9e 45 41 8d 5d 30 08 62 a2 68 41 f0 44 2c 4b 19 18 63 90 10 6c 53 04 3f 63 5d c1 ae ef 5e 1d 22 b1 96 24 0a e6 14 b9 97 34 cd f0 ed 71 fa 5b 1c c4 46 85 e1 a8 a9 ba a5 69 7b 56 0b 65 cc 93 a7 53 f9 e2 55 b9 93 0f 29 8f d8 32 91 46 1b cc 6f 9b 00 a4 3a 0c ce fe f3 14 33 3a 56 1a fd 9c 85 73 43 cb 62 29 6a 8a bb fe 4f 6b 5c 67 60 8f 28 2a f8 20 70 fb bf 77 65 f8 f1 b5 1d 53 2d 5c 38 03 1f 65 17 6b ab de e1 b0 3d a7 03 fe ac bd 9a 22 3a b9 94 d6 f6 7d 29 f6 b0 0b e1 52 a7 ef 48 7e a6 ff 9f 4c f0 3e 9d ba 14 b7 26 e9 37 9a e5 99 76 bb 79 7b 13 b1 de ee 5b 41 02 03 01 00 01
Subject Alternative Name	RFC822 Name=www@snakeoil.dom
Netscape Comment	mod_ssl generated test server certificate
Netscape Cert Type	SSL Server Authentication (40)
Thumbprint algorithm	sha1
Thumbprint	`‎‎6c 7e 02 06 ed d6 7e 42 db a7 49 b2 d6 e7 59 53 5a 17 b8 ad`

Display Certificate Details

On Windows, you can use the certutil system command to view the contents of a certificate or certificate signing request:

Display contents of a certificate or certificate signing request using the certutil system utility (Windows) Expand source

> certutil -dump conf\server.crt
    X509 Certificate:
    Version: 3
    Serial Number: 07
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
        Algorithm Parameters:
        05 00
    Issuer:
        E=ca@snakeoil.dom
        CN=localhost
        OU=Certificate Authority
        O=Snake Oil, Ltd
        L=Snake Town
        S=Snake Desert
        C=XY
      Name Hash(sha1): c0784c65431c5d0691f15b2a1cca488e7352487f
      Name Hash(md5): ca036ce6fd7ff727274584ce91e4e84f
    
     NotBefore: 01.08.2002 11:04
     NotAfter: 01.08.2003 11:04
    
    Subject:
        E=www@snakeoil.dom
        CN=localhost
        OU=Webserver Team
        O=Snake Oil, Ltd
        L=Snake Town
        S=Snake Desert
        C=XY
      Name Hash(sha1): ca99850c7a7ab9033bf0bf65e5575de111bf3305
      Name Hash(md5): 73292c8ceb3f00071d6601e873b8b782
    
    Public Key Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
        Algorithm Parameters:
        05 00
    Public Key Length: 2048 bits
    Public Key: UnusedBits = 0
        0000  30 82 01 0a 02 82 01 01  00 b8 71 dc 39 f3 aa 34
        0010  13 b3 1c ee 8c d1 0e a3  5f 6c 4f f9 66 b4 90 bd
        0020  49 90 4e b1 9f 13 50 64  63 4c fc 04 40 35 ab 06
        0030  58 79 81 41 07 ab 59 b9  f0 0f fc f7 bf 66 e1 43
        0040  93 b0 1f 06 f2 71 2b 59  c0 7c cc a5 0d e5 f8 c4
        0050  da 5c 80 fd 09 ba 3b 09  4d 28 b8 2e 27 75 37 82
        0060  79 bc 52 ff 39 b6 e5 4e  30 60 ff d9 8f b5 25 72
        0070  dd 94 70 99 ea b6 a0 6d  01 e5 e7 e2 f5 bf f8 73
        0080  a2 3c d2 7e 08 12 d7 fe  cd 81 24 61 67 25 46 c3
        0090  f6 fa 09 4f c9 74 83 de  38 ff 6f 46 bc 23 41 01
        00a0  f6 d0 67 c6 6b 94 9f f0  aa 1a d8 a2 dd 43 e4 56
        00b0  6a fc 19 6c e1 e5 5e 80  83 0d 2c c2 cc 78 76 a3
        00c0  47 1e 23 be f8 5e d0 0c  93 20 aa 14 c9 ef 10 08
        00d0  8b a0 1f 7c 9f da 53 ea  c8 3a b8 5b a0 fb 4a e0
        00e0  7a c5 3a 37 45 29 c7 fa  c2 95 75 10 27 a3 57 e1
        00f0  f8 c7 fa 47 d7 d8 6b ed  8b f6 5a 10 32 75 14 6b
        0100  9e 23 d6 6c b9 62 35 b3  e1 02 03 01 00 01
    Certificate Extensions: 3
        2.5.29.17: Flags = 0, Length = 14
        Subject Alternative Name
            RFC822 Name=www@snakeoil.dom
    
        2.16.840.1.113730.1.13: Flags = 0, Length = 2b
        Netscape Comment
            mod_ssl generated test server certificate
    
        2.16.840.1.113730.1.1: Flags = 0, Length = 4
        Netscape Cert Type
            SSL Server Authentication (40)
    Signature Algorithm:
        Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
        Algorithm Parameters:
        05 00
    Signature: UnusedBits=0
        0000  6b 4f a4 88 e7 94 70 c9  71 34 22 30 35 57 02 1b
        0010  64 39 c2 e1 98 b2 72 ec  6b 28 d5 58 fc 93 1d f7
        0020  91 ad df 8e 87 cf 6f 0b  7e b8 9c 70 5a 50 bf f1
        0030  ed 12 98 d1 3f 9c ef 8f  f2 c7 03 9c b0 56 14 e3
        0040  4e e7 25 92 c9 51 19 0e  8b 88 72 54 86 53 ee d1
        0050  1c 16 0a 15 68 9a 9d cc  f9 a5 e9 ef fa 29 b7 a7
        0060  d3 d0 f6 14 18 d4 17 2a  cb 85 86 ee 12 ab 9b 7a
        0070  08 51 73 32 6a 71 97 f4  cf a5 02 ba 7f 58 2c 34
        0080  d5 ff e0 88 40 6d d7 04  4d 76 ee 2b dc 26 58 ac
        0090  1e bf 33 07 58 d9 00 12  e5 3f 95 82 9d 63 43 0b
        00a0  f8 a2 62 99 1f 08 e6 2c  32 f1 97 15 0a 93 32 6f
        00b0  8a b0 65 40 b3 cf 8f 9c  05 a9 35 44 c3 84 76 36
        00c0  73 ec 53 61 54 fc 92 f6  a5 9c c9 5e 90 c0 4c 32
        00d0  a6 8c cb f6 02 03 37 ee  c2 8e df 53 c2 d2 29 2d
        00e0  83 69 4a 52 3b f4 7c 80  39 27 c9 c6 91 60 f7 83
        00f0  ae 12 47 c3 94 48 73 86  6c ba 39 7c 25 88 7d 3f
        0100  49 aa fd 8b dc f5 b2 66  fd 48 a0 25 16 6d 43 04
        0110  15 ae c9 66 6a d6 ba c9  a3 8a c9 06 10 84 25 8f
        0120  ed 92 4d 3c f4 01 5d b3  fb f6 d7 b5 e8 30 d6 83
        0130  21 bf 65 68 c2 15 f0 3d  51 33 92 85 f6 2f ed df
        0140  32 b2 93 10 ef c6 4e 43  68 35 fd 97 27 3a 78 d2
        0150  c4 57 d7 d1 5f f7 84 bb  f3 26 3d 3c ca f3 4d 72
        0160  4e b4 f1 8b c8 61 dc ec  5f 1e 85 53 c6 b3 62 84
        0170  4d 9d 18 ff 4c 3d 64 ae  2d 75 23 2a a2 4d d0 da
        0180  f2 77 2e fd 1c f4 26 72  e3 3e 6d 4b 3f 03 1a fa
        0190  ed 6d c7 aa dc 0e f7 cd  a6 31 89 e6 c5 a6 26 9f
        01a0  6d 21 6a 6c 2a 49 46 e1  d8 eb 0c 09 4d 03 c1 b8
        01b0  73 37 29 69 15 1b 5f e0  09 74 66 6d d7 c0 a8 47
        01c0  1b 61 17 a0 d0 07 6a a0  9f c5 ad 57 60 dc 2f 90
        01d0  26 1b 62 2a 38 d3 41 65  ee c1 2b eb 16 54 50 d5
        01e0  6c 1e 69 c5 d1 3a fb 59  ba 8f 18 d3 b8 25 1d 49
        01f0  8d 32 5e f2 7c 01 33 d0  d9 e0 d8 76 34 4b da 69
    Non-root Certificate
    Key Id Hash(rfc-sha1): 49 36 b9 57 2c cb db cf 64 04 75 06 0f a2 fd 2e 98 e0 7d 89
    Key Id Hash(sha1): c7 23 9a 8b 87 2e eb 17 0b 1e 4c 4a 6d d9 bd 38 07 ed 34 91
    Key Id Hash(md5): 23bd5d1514c0dfebdd3d76d2df4ea79f
    Key Id Hash(sha256): f02777f77a6028ac82fcf5f32e388df1a20887a0d2186cc1c7a03390b977804c
    Cert Hash(md5): 2f 6c 87 58 aa 8f 1f 4c 97 1e e1 b4 95 2b 97 fb
    Cert Hash(sha1): 6d d1 c3 69 fe f7 4b cb 2a f8 e3 73 e5 ae ab ab c5 33 b6 5c
    Cert Hash(sha256): 19bbf589be3a1ccddea2310ba2aefda526762e2f242b9a442d0f078b2d36e6eb
    Signature Hash: ec038cb081b9019f2f9873498e9a67f57bf75dcef84973155a65d414eb5db492
    CertUtil: -dump command completed successfully.

The certificate / certificate signing request details can also be viewed using the openssl command (all platforms):

Display contents of a certificate signing request using the "openssl req" utility Expand source

> bin\openssl req -in server.csr -noout -text -reqopt ext_dump
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Webserver Team, CN=localhost/emailAddress=www@snakeoil.dom
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:dc:2e:7e:31:23:40:fe:aa:ec:32:eb:60:7b:44:
                        cd:f0:8e:80:9a:c0:72:1d:c6:38:da:b1:a9:c3:cd:
                        2c:ec:b7:51:03:4c:78:39:e9:9a:bb:cd:93:3f:57:
                        17:31:01:91:80:22:4f:99:5f:74:ca:5c:a1:3f:1e:
                        8e:a1:d1:f2:d9:4b:87:98:35:49:cd:8d:d2:1c:1e:
                        91:2c:ea:71:b5:c7:77:75:e0:f1:f1:44:8b:fc:5b:
                        5f:8d:50:84:57:ef:ba:ad:a4:17:6c:e0:23:2e:8f:
                        5f:f3:5a:6c:f1:5f:03:57:e2:71:dc:13:f7:26:32:
                        20:ae:ad:62:eb:21:3b:93:96:ba:57:7f:c7:d7:91:
                        a4:be:27:ba:17:fd:fa:0f:93:e6:60:f1:6c:3e:18:
                        59:1f:10:3e:f0:11:8c:00:1c:6f:41:0a:28:6c:fa:
                        c2:31:97:d5:9a:3e:a6:8f:67:29:66:82:90:18:08:
                        ce:5c:17:fb:d1:af:72:12:18:5f:8c:e0:e1:e0:4b:
                        fd:7e:1a:39:49:08:40:0f:0d:3a:f6:85:6f:7b:dd:
                        2d:3a:d1:ad:83:ab:77:e8:b4:9a:cc:9b:f9:c2:e3:
                        23:77:88:16:64:92:69:72:6d:38:62:e4:d9:b1:13:
                        0f:0e:c2:58:3d:28:4e:15:78:f5:85:a3:12:90:66:
                        f2:1b
                    Exponent: 65537 (0x10001)
            Attributes:
                a0:00
        Signature Algorithm: sha256WithRSAEncryption
             37:4c:73:f4:c2:af:b6:78:58:e5:c7:01:cd:99:d0:76:52:74:
             f3:ba:1c:76:ae:63:12:f4:66:56:07:dd:b4:af:a9:8c:40:2e:
             f4:51:93:c1:62:fb:8a:96:4d:36:e8:76:55:34:e3:11:9c:e7:
             b3:f4:43:e6:00:1f:3a:22:cf:7a:92:40:8f:97:3e:17:ab:8c:
             f7:a3:ec:7e:a0:51:31:85:d4:c7:0e:fa:e6:c2:73:93:76:11:
             dd:11:d3:03:5f:8d:ff:6b:5f:a0:ce:53:fc:1b:1f:3f:49:9b:
             60:ce:c9:2f:5d:88:99:c5:d9:0a:ff:03:2a:44:2e:5c:a4:9f:
             0f:20:ae:32:70:2b:3c:ca:e6:d0:aa:36:b8:f9:76:30:51:a5:
             d2:f8:b0:7b:f1:7c:f9:26:60:42:00:a4:69:fb:91:7f:dd:17:
             08:26:49:84:53:71:b4:8a:12:e1:94:65:ce:cd:09:07:c4:9f:
             42:4a:42:87:26:2f:3e:3e:cc:c2:06:02:c3:bc:40:6b:32:53:
             e9:12:16:56:a1:3d:d1:8f:ac:5e:bd:43:49:38:88:1e:20:e5:
             9f:f7:e9:fb:86:9f:3b:ac:ad:73:be:a5:3f:9c:f3:a5:72:d3:
             6d:08:52:f9:d1:43:08:c1:6e:51:f1:37:66:d8:73:ae:10:26:
             fb:e8:f9:d5

Display contents of a certificate using the "openssl x509" utility Expand source

> bin\openssl x509 -in conf\server.crt -noout -text -certopt ext_dump
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 7 (0x7)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=localhost/emailAddress=ca@snakeoil.dom
            Validity
                Not Before: Aug  1 09:04:08 2002
                Not After : Aug  1 09:04:08 2003
            Subject: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Webserver Team, CN=localhost/emailAddress=www@snakeoil.dom
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:b8:71:dc:39:f3:aa:34:13:b3:1c:ee:8c:d1:0e:
                        a3:5f:6c:4f:f9:66:b4:90:bd:49:90:4e:b1:9f:13:
                        50:64:63:4c:fc:04:40:35:ab:06:58:79:81:41:07:
                        ab:59:b9:f0:0f:fc:f7:bf:66:e1:43:93:b0:1f:06:
                        f2:71:2b:59:c0:7c:cc:a5:0d:e5:f8:c4:da:5c:80:
                        fd:09:ba:3b:09:4d:28:b8:2e:27:75:37:82:79:bc:
                        52:ff:39:b6:e5:4e:30:60:ff:d9:8f:b5:25:72:dd:
                        94:70:99:ea:b6:a0:6d:01:e5:e7:e2:f5:bf:f8:73:
                        a2:3c:d2:7e:08:12:d7:fe:cd:81:24:61:67:25:46:
                        c3:f6:fa:09:4f:c9:74:83:de:38:ff:6f:46:bc:23:
                        41:01:f6:d0:67:c6:6b:94:9f:f0:aa:1a:d8:a2:dd:
                        43:e4:56:6a:fc:19:6c:e1:e5:5e:80:83:0d:2c:c2:
                        cc:78:76:a3:47:1e:23:be:f8:5e:d0:0c:93:20:aa:
                        14:c9:ef:10:08:8b:a0:1f:7c:9f:da:53:ea:c8:3a:
                        b8:5b:a0:fb:4a:e0:7a:c5:3a:37:45:29:c7:fa:c2:
                        95:75:10:27:a3:57:e1:f8:c7:fa:47:d7:d8:6b:ed:
                        8b:f6:5a:10:32:75:14:6b:9e:23:d6:6c:b9:62:35:
                        b3:e1
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Subject Alternative Name:
                    email:www@snakeoil.dom
                Netscape Comment:
                    mod_ssl generated test server certificate
                Netscape Cert Type:
                    SSL Server
        Signature Algorithm: sha256WithRSAEncryption
             69:da:4b:34:76:d8:e0:d9:d0:33:01:7c:f2:5e:32:8d:49:1d:
             25:b8:d3:18:8f:ba:59:fb:3a:d1:c5:69:1e:6c:d5:50:54:16:
             eb:2b:c1:ee:65:41:d3:38:2a:62:1b:26:90:2f:dc:60:57:ad:
             c5:9f:a0:6a:07:d0:a0:17:61:1b:47:a8:c0:d7:6d:66:74:09:
             e0:5f:1b:15:69:29:37:73:b8:c1:03:4d:09:0c:eb:d8:e1:46:
             49:2a:6c:6a:21:6d:9f:26:a6:c5:e6:89:31:a6:cd:f7:0e:dc:
             aa:c7:6d:ed:fa:1a:03:3f:4b:6d:3e:e3:72:26:f4:1c:fd:2e:
             77:f2:da:d0:4d:a2:2a:23:75:2d:ae:64:3d:4c:ff:18:9d:4d:
             84:62:b3:c6:53:85:1e:5f:ec:dc:61:c8:8b:f1:b4:4e:72:4d:
             f3:ca:3c:3d:26:f3:bb:84:f7:5f:d1:d7:57:c4:d2:78:3a:27:
             97:fd:35:68:43:4e:c6:ef:10:93:b2:32:df:ed:2f:f6:85:92:
             33:51:3d:f0:15:c2:68:65:bf:21:83:d6:30:e8:b5:d7:f6:fb:
             b3:5d:01:f4:3c:4d:92:ed:8f:25:84:10:06:c9:8a:a3:c9:ba:
             d6:6a:66:c9:ae:15:04:43:6d:16:25:a0:48:fd:66:b2:f5:dc:
             8b:fd:aa:49:3f:7d:88:25:7c:39:ba:6c:86:73:48:94:c3:47:
             12:ae:83:f7:60:91:c6:c9:27:39:80:7c:f4:3b:52:4a:69:83:
             2d:29:d2:c2:53:df:8e:c2:ee:37:03:02:f6:cb:8c:a6:32:4c:
             c0:90:5e:c9:9c:a5:f6:92:fc:54:61:53:ec:73:36:76:84:c3:
             44:35:a9:05:9c:8f:cf:b3:40:65:b0:8a:6f:32:93:0a:15:97:
             f1:32:2c:e6:08:1f:99:62:a2:f8:0b:43:63:9d:82:95:3f:e5:
             12:00:d9:58:07:33:bf:1e:ac:58:26:dc:2b:ee:76:4d:04:d7:
             6d:40:88:e0:ff:d5:34:2c:58:7f:ba:02:a5:cf:f4:97:71:6a:
             32:73:51:08:7a:9b:ab:12:ee:86:85:cb:2a:17:d4:18:14:f6:
             d0:d3:a7:b7:29:fa:ef:e9:a5:f9:cc:9d:9a:68:15:0a:16:1c:
             d1:ee:53:86:54:72:88:8b:0e:19:51:c9:92:25:e7:4e:e3:14:
             56:b0:9c:03:c7:f2:8f:ef:9c:3f:d1:98:12:ed:f1:bf:50:5a:
             70:9c:b8:7e:0b:6f:cf:87:8e:df:ad:91:f7:1d:93:fc:58:d5:
             28:6b:ec:72:b2:98:e1:c2:39:64:1b:02:57:35:30:22:34:71:
             c9:70:94:e7:88:a4:4f:6b

Be your own Certificate Authority
OpenSSL - Cryptography and SSL/TLS Toolkit: OpenSSL command line tool manual page
IS-13713 - Updated JDK limits allowed cryptografic algorithms

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Table of Contents

Introduction

Step-by-Step Guide

Related Articles