java - Keytool - How to generate non self-signed certificates? -


it's confusing keystore generated keytool contains self-signed certificate using following command:

keytool -genkey -keyalg rsa -keysize 1024 -keystore bob.keystore 

it doesn't make sense generate self-signed certs because want trusted ca sign cert request. how generate non self-signed keystore?

keytool -genkey dual operation: generates key-pair, , wraps in self-signed certificate. having self-signed certificate convenience, partly linked storage format, temporary if want use key-pair ca-issued certificate.

you'll need extract certificate request key-pair, using information you've entered when using -genkey (this information ended in self-signed cert). re-use alias name you've used -genkey:

keytool -certreq -alias somename -file somename.csr -keystore mykeystore.jks 

send csr ca and, when certificate back, re-import against same alias. overwrite self-signed certificate generated initially, using keytool -importcert. beware may need import whole chain @ once, if there intermediate certificates, described @ end of this answer.


Comments

Popular posts from this blog

node.js - Using Node without global install -

How to access a php class file from PHPFox framework into javascript code written in simple HTML file? -

java - Null response to php query in android, even though php works properly -