This command imports the certificate ( domain.crt) into the keystore ( keystore.jks), under the specified alias ( domain). Simply specify a unique alias, such as root instead of domain, and the certificate that you want to import. You may also use this same command to import root or intermediate certificates that your CA may require to complete a chain of trust. a certificate signed by a CA, into your keystore it must match the private key that exists in the specified alias. Use this method if you want to import a signed certificate, e.g. Import Signed/Root/Intermediate Certificate This command creates a CSR ( domain.csr) signed by the private key identified by the alias ( domain) in the ( keystore.jks) keystore: keytool -certreq \Īfter entering the keystore’s password, the CSR will be generated. It requires that the keystore and alias already exist you can use the previous command to ensure this. Use this method if you want to generate an CSR that you can send to a CA to request the issuance of a CA-signed SSL certificate. This will prompt for the keystore password (new or existing), followed by a Distinguished Name prompt (for the private key), then the desired private key password. If the specified keystore does not already exist, it will be created after the requested information is supplied. This command generates a 2048-bit RSA key pair, under the specified alias ( domain), in the specified keystore file ( keystore.jks): keytool -genkeypair \ This will create a new key pair in a new or existing Java Keystore, which can be used to create a CSR, and obtain an SSL certificate from a Certificate Authority. Use this method if you want to use HTTP (HTTP over TLS) to secure your Java application. This section covers Java Keytool commands that are related to generating key pairs and certificates, and importing certificates.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |