I'm trying to create a self-signed certificate for a test web server running Sun Webserver 6.1 using certutil. I am open to using keytool or openssl if someone has better instructions which work with Sun Webserver.

Here are the commands that I use:

certutil -S -P "https-myWebapp-" -d . -n myCA -s "CN=myWebserver.com CA,OU=myCompany,C=US" -x -t "CT,CT,CT" -m 102 -v 301 -5

and I select option 5 - SSL CA and "yes" to the critical extension question. The CA is created successfully. Now that I have created the certificate authority, I try to sign the actual cert with the following command:

certutil -S -P "https-myWebapp-" -d . -n myServer -s "CN=myWebserver.com,C=US" -c myCA -t "u,u,u"  -m 102 -v 300 -5

At the certutil prompt, I select option 1 to create an SSL server with critical extensions enabled. This produces the following error:

certutil: could not obtain certificate from file: You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.

What did I do wrong? I think that I may have a failed SSL certificate, but I get the following when running certutil -L -d . -P "https-myWebapp-":

Certificate Nickname                                      Trust Attributes
                                                          SSL,S/MIME,JAR/XPI
myCA                                                      CTu,Cu,Cu
A: 

In the second command, I needed to change the -m property to a new serial id number.

That fixed the error message and created the certificate.

Dave
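
The self-signed myCA certificate is itself issued by myCA with serial 102, so a server certificate signed by myCA with -m 102 repeats the same issuer/serial pair, which is what the error reports. The script below is an added example, not part of the original question or answer: it reuses the two certutil commands from the question and draws each -m value from a counter file so the pair never repeats. SERIAL_FILE, next_serial, make_ca and make_server_cert are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example: one serial counter per NSS database, so no two certificates
# issued by the same CA share an issuer/serial pair.
# SERIAL_FILE and the function names below are assumptions, not NSS features.

SERIAL_FILE="${SERIAL_FILE:-./ca-serial.txt}"

# Print the next unused serial and persist it; starts at 1 when no file exists.
next_serial() {
    last=0
    if [ -f "$SERIAL_FILE" ]; then
        last=$(cat "$SERIAL_FILE")
    fi
    # Refuse to continue on an empty or non-numeric counter rather than
    # silently restarting at 1 and reusing a serial.
    case "$last" in
        ''|*[!0-9]*) echo "corrupt serial file: $SERIAL_FILE" >&2; return 1 ;;
    esac
    next=$((last + 1))
    echo "$next" > "$SERIAL_FILE"
    echo "$next"
}

# Self-signed CA, same options as in the question; serial comes from the counter.
make_ca() {
    serial=$(next_serial) || return 1
    certutil -S -P "https-myWebapp-" -d . -n myCA \
        -s "CN=myWebserver.com CA,OU=myCompany,C=US" \
        -x -t "CT,CT,CT" -m "$serial" -v 301 -5
}

# Server certificate signed by myCA; gets the next serial, never the CA's.
make_server_cert() {
    serial=$(next_serial) || return 1
    certutil -S -P "https-myWebapp-" -d . -n myServer \
        -s "CN=myWebserver.com,C=US" -c myCA \
        -t "u,u,u" -m "$serial" -v 300 -5
}

# Only touch the certificate database when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    make_ca && make_server_cert
fi
```

The -5 prompts remain interactive, exactly as in the original commands. Keep the counter file next to the database files it belongs to.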