This creates a new key pair in a new or existing Java Keystore, which can be used to create a CSR, and obtain an SSL certificate from a Certificate Authority (CA). The following command generates a 2048-bit RSA key pair, under the specified alias (domain), in the specified keystore file (keystore.jks):

```
keytool -genkeypair -alias domain -keyalg RSA -keystore keystore.jks
```

If the specified keystore does not already exist, it is created after the requested information is supplied. You are prompted for the keystore password (new or existing), followed by a Distinguished Name prompt (for the private key), then the desired private key password.

If you want your certificate to accept not only the given common name but also additional names or IPs, you can use keytool's SAN (Subject Alternative Names) extension.

```
keytool -genkeypair -alias domain -keyalg RSA -keystore keystore.jks
```

Use this method if you want to generate a CSR that you can send to a CA to request the issue of a CA-signed SSL certificate. It requires that the keystore and alias already exist. You can use the previous command to ensure this. You can use the following command to create a CSR (domain.csr) signed by the private key identified by the alias (domain) in the (keystore.jks) keystore:

```
keytool -certreq -alias domain -file domain.csr -keystore keystore.jks
```

After you enter the keystore's password, the CSR is generated.

Use this method if you want to import a signed certificate, for example, a certificate signed by a CA, into your keystore; it should match the private key that exists in the specified alias. You may also use this same command to import root or intermediate certificates that your CA may require to complete a chain of trust. Specify a unique alias, such as root instead of domain, and the certificate that you want to import. You can use the following command to import the certificate (domain.crt) into the keystore (keystore.jks), under the specified alias (domain). If you import a signed certificate, it should correspond to the private key in the specified alias.

```
keytool -importcert -trustcacerts -file domain.crt -alias domain -keystore keystore.jks
```

You are prompted for the keystore password, and for a confirmation of the import action. Make sure that the original certificate used to create the CSR is removed from the keystore, otherwise it will be confused with the imported signed certificate.

You may also use the command to import a CA's certificates into your Java truststore, which is typically located in $JAVA_HOME/jre/lib/security/cacerts, assuming $JAVA_HOME is where your JRE or JDK is installed. If you want to import root and intermediate certificates, they have to be imported in one go. If they are located in several files, their content has to be merged into a single file before they can be imported.

Generate a self-signed certificate in a new or existing keystore. Use this command if you want to generate a self-signed certificate for your Java applications. This is the same command that is used to create a new key pair, but with the validity lifetime specified in days.
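The key-pair and CSR steps described above, run without prompts and with Subject Alternative Names, as an added example that is not part of the original page. The helper names `san_ext` and `make_keystore_and_csr`, the `KS_PASS` environment variable, the 365-day validity and the sample host names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. KS_PASS, the 365-day validity and all names are assumptions.

# Build the value for keytool's -ext option from host names and IP literals.
# Anything containing ':' (IPv6) or only digits and dots (IPv4) becomes ip:,
# everything else becomes dns:.
san_ext() {
  local out="" entry kind
  for entry in "$@"; do
    case "$entry" in
      *:*)        kind=ip ;;
      *[!0-9.]*)  kind=dns ;;
      *)          kind=ip ;;
    esac
    out="${out:+$out,}${kind}:${entry}"
  done
  printf 'SAN=%s' "$out"
}

# Generate the key pair, then the CSR, without interactive prompts.
# Usage: make_keystore_and_csr KEYSTORE ALIAS COMMON_NAME [EXTRA_NAME_OR_IP...]
make_keystore_and_csr() {
  local ks="$1" alias="$2" cn="$3" san
  shift 3
  san="$(san_ext "$cn" "$@")"
  # -storepass:env reads the password from the named environment variable,
  # so it is not passed as a command-line argument to keytool.
  keytool -genkeypair -alias "$alias" -keyalg RSA -keysize 2048 \
    -dname "CN=$cn" -ext "$san" -validity 365 \
    -keystore "$ks" -storepass:env KS_PASS -keypass:env KS_PASS || return 1
  # The CSR does not inherit extensions from the keystore entry: pass -ext
  # again, or the CA receives a request with no SANs.
  keytool -certreq -alias "$alias" -ext "$san" -file "$alias.csr" \
    -keystore "$ks" -storepass:env KS_PASS || return 1
  # Print the request so the SAN list can be checked before it is sent.
  keytool -printcertreq -file "$alias.csr"
}

# Runs only when called with arguments and KS_PASS exported, for example:
#   ./make-csr.sh keystore.jks domain example.com www.example.com 10.0.0.5
if [ "$#" -ge 3 ]; then
  make_keystore_and_csr "$@"
fi
```

The certificate created by `-genkeypair` here is self-signed until the CA's reply is imported with `-importcert` under the same alias.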