<< Previous | Home

Security Tip #1 - Generating your own root CA certificate

If you are interested in creating your own root CA certificate then read on. 

The command line below will generate a root CA certificate (who by their nature are self-signed) with a keysize of 8192 and using the RSA key algorithm and a lifetime of 365 days from the time you issue the command.

Additional we say this certificate is a root CA certificate that will be used for certificate and revocation list signing.

keytool -keystore my-ca.jks -genkeypair 
-alias my-ca -dname "CN=My CA"  
-keyalg rsa -keysize 8192 -validity 365 -noprompt
-ext BasicConstraints:critical=CA:true
-ext KeyUsage:critical=keyCertSign,cRLSign

As we know that we will need to import the root CA certificate we will generate a PEM file for it.

keytool -exportcert -keystore my-ca.jks -rfc 
-alias my-ca > my-ca.pem

In the next blog entry we will create an intermediate CA so we can keep the root CA keystore safe.

And that is it.


JSF Tip #65 - JSF 2.1 Facelet VDL documentation

If you are looking for the JSF 2.1 Facelet VDL documentation, see https://javaserverfaces.java.net/docs/2.1/vdldocs/facelets/



JSF Tip #64 - JSF 2.2 Facelet VDL documentation

If you are looking for the JSF 2.2 Facelet VDL documentation, see https://javaserverfaces.java.net/nonav/docs/2.2/vdldocs/facelets/index.html



CDI Tip #1 - Get the annotation for a proxied class

In the Ozark runtime there is a time we need to get the annotation on a class. In some cases those instances are proxies and we need to get the annotation of the class behind the proxy. The code snippet below shows you how to do that.

public static <T extends Annotation> T getAnnotation(
Class<?> clazz, Class<T> annotationType) {
final T an = clazz.getDeclaredAnnotation(annotationType);
if (an != null) {
return an;
final BeanManager bm = CDI.current().getBeanManager();
final AnnotatedType<?> type = bm.createAnnotatedType(clazz);
return type != null ? type.getAnnotation(annotationType) : null;


Ozark package realignment

To more clearly show that Ozark is part of the reference implementations done under the Glassfish umbrella we decided to move from com.oracle.ozark.* to org.glassfish.ozark.* (the work was tracked as part of https://java.net/jira/browse/OZARK-51)

While this should not have a major impact on anyone trying out Ozark, we also had to update the GAV coordinate.

Please let us know if there are any problems!



Tags : , , ,