java - Keytool - How to generate non self-signed certificates? -
it's confusing keystore generated keytool contains self-signed certificate using following command:
keytool -genkey -keyalg rsa -keysize 1024 -keystore bob.keystore it doesn't make sense generate self-signed certs because want trusted ca sign cert request. how generate non self-signed keystore?
keytool -genkey dual operation: generates key-pair, , wraps in self-signed certificate. having self-signed certificate convenience, partly linked storage format, temporary if want use key-pair ca-issued certificate.
you'll need extract certificate request key-pair, using information you've entered when using -genkey (this information ended in self-signed cert). re-use alias name you've used -genkey:
keytool -certreq -alias somename -file somename.csr -keystore mykeystore.jks send csr ca and, when certificate back, re-import against same alias. overwrite self-signed certificate generated initially, using keytool -importcert. beware may need import whole chain @ once, if there intermediate certificates, described @ end of this answer.
Comments
Post a Comment