12.0.1.4183 The CreateCert executable outputs malformed X.509 certificates that are unsupported by Java. The program previously output X.509v3 files with proper X.509v3 extensions, but an update has introduced a bug causing the application to output X.509v1 certificates with X.509v3 extensions in violation of the X.509 specification. This causes java’s strict parser to fail when interacting with these certificates with the error text “java.security.cert.CertificateParsingException: no more data allowed for version 1 certificate.” This is true for both Java’s use of the KeyTool, and when interacting with the server over TLS with Java as a client. |
Sorry for the delay in responding. This is a bug in createcert that was created with the conversion to openssl (away from Certicom). We are working on a fix. In the meantime, please use openssl directly to generate certificates:
If you want to use this in a SQL Anywhere server you have to create an identity file:
Now, if you want to import into a Java keystore:
|
In the meantime you can create self-signed certificates using Java's keytool. For example:
You can also generate chained certificates. |