You need to sign in to do that
Don't have an account?
Hetal Sheth
WebService Outbond Call Question
We are building outbound webservice call. We have built a client that is invoking external web service. Our web service provider has created following JKS (and password). Unfortunately, when we import JKS file and password, we are seeing following error.
You've created 0 non-expired certificates out of a limit of 50.
Here is how we created certificate
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: sfcert
Creation date: Jun 8, 2015
Entry type: trustedCertEntry
Owner: CN=armpilot.hud.gov, OU='TMD', O='US Department of Housing and Urban Development', L='Washington D.C.', ST='District Of Columbia', C=US
Issuer: C=US, ST=West Virginia, L=Charleston, O=HP-HUD, OU=Opensystems,EMAILADDRESS=charles.swiger@hp.com, CN=hwvalap3222.hud.gov
Serial number: 4c
Valid from: Mon Jun 01 15:16:12 EDT 2015 until: Thu May 29 15:16:12 EDT 2025
Certificate fingerprints:
MD5: 7E:21:1E:A4:C0:ED:5E:4D:D0:2C:58:58:8B:AF:E3:A9
SHA1: 12:C2:95:C3:EA:A7:91:89:75:4D:D6:E5:95:AF:71:E8:AD:B4:CB:CD
You've created 0 non-expired certificates out of a limit of 50.
Here is how we created certificate
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: sfcert
Creation date: Jun 8, 2015
Entry type: trustedCertEntry
Owner: CN=armpilot.hud.gov, OU='TMD', O='US Department of Housing and Urban Development', L='Washington D.C.', ST='District Of Columbia', C=US
Issuer: C=US, ST=West Virginia, L=Charleston, O=HP-HUD, OU=Opensystems,EMAILADDRESS=charles.swiger@hp.com, CN=hwvalap3222.hud.gov
Serial number: 4c
Valid from: Mon Jun 01 15:16:12 EDT 2015 until: Thu May 29 15:16:12 EDT 2025
Certificate fingerprints:
MD5: 7E:21:1E:A4:C0:ED:5E:4D:D0:2C:58:58:8B:AF:E3:A9
SHA1: 12:C2:95:C3:EA:A7:91:89:75:4D:D6:E5:95:AF:71:E8:AD:B4:CB:CD
When a certificate is expired, its revocation status is no longer published. That is, the certificate might have been revoked long ago, but it will no longer be included in the CRL. Certificate expiration date is the cut-off date for CRL inclusion. That's the official reason why certificates expire: to keep CRL size bounded.
(The unofficial reason is to make certificate owners pay an annual fee.)
So you cannot trust an expired certificate because you cannot check its revocation status. It might have been revoked months ago, and you would not know it.
Best Regards
Naga Kiran
Thanks for your suggestion.
I have check the expiration date.
It has expiration date below
Thu May 29 15:16:12 EDT 2025
Please help me to resolve issue?
--------------------------------------------------------------------------------------------------------------------
Alias name: sfcert
Creation date: Jun 8, 2015
Entry type: trustedCertEntry
Owner: CN=armpilot.hud.gov, OU='TMD', O='US Department of Housing and Urban Development', L='Washington D.C.', ST='District Of Columbia', C=US
Issuer: C=US, ST=West Virginia, L=Charleston, O=HP-HUD, OU=Opensystems,EMAILADDRESS=charles.swiger@hp.com, CN=hwvalap3222.hud.gov
Serial number: 4c
--------------------------------------------------------------------------------------------------------------------
Valid from: Mon Jun 01 15:16:12 EDT 2015 until: Thu May 29 15:16:12 EDT 2025
--------------------------------------------------------------------------------------------------------------------
Certificate fingerprints:
MD5: 7E:21:1E:A4:C0:ED:5E:4D:D0:2C:58:58:8B:AF:E3:A9
SHA1: 12:C2:95:C3:EA:A7:91:89:75:4D:D6:E5:95:AF:71:E8:AD:B4:CB:CD