I got my keystore file of JKS type using keytool commands. Now I need to get a self-signed certificate to test in development. I am unable to understand how to generate the certificate. I tried using keytool commands, but I am getting exceptions like "illegal option, file not found". So, can anyone please specify the right way to do it? I have followed apacheSSLconfig, but I couldn't get the .cer file with those commands. Thanks in advance.
1. Creating keystore
keytool -genkey -alias name1 -keyalg RSA -keystore name1.keystore -storepass password -keypass keypassword -storetype JKS -keysize 1024
name1 - alias name (you can give your own alias)
name1.keystore - keystore file name to be created (you can specify a location like c:\name1.keystore)
password - keystore password
keypassword - keystore key password (private key)
2. Export certificate
keytool -export -alias name1 -keystore name1.keystore -rfc -file name1.cert -storepass password
name1.keystore - keystore location
name1.cert - name of the certificate to be exported (you can specify the full path to where you want to export the certificate)
password - keystore password
3. Import Certificate to Truststore
keytool -import -alias name1 -file name1.cert -keystore name1.TrustStore -storepass truststorepassword
name1.cert - location of the certificate exported before in step.
name1.TrustStore - Truststore name (can specify full path)
truststorepassword - Trust store password
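The three steps above as one non-interactive script, added here as an example and not part of the original answer. It uses the current option names (-genkeypair, -exportcert, -importcert), a 2048-bit key and a localhost SAN; the file names, -dname values and passwords are constructed sample values.

```shell
#!/bin/sh
# Added example; file names, -dname values and passwords are constructed samples.
# Passwords on the command line are visible in the process list: dev use only.

make_dev_stores() {  # args: output-dir alias keystore-pass truststore-pass
    ks="$1/$2.keystore"; cert="$1/$2.cert"; ts="$1/$2.truststore"

    # 1. Key pair plus self-signed certificate. -dname answers the identity
    #    prompts up front; -ext adds the SAN that current TLS clients match on.
    keytool -genkeypair -alias "$2" -keyalg RSA -keysize 2048 -validity 360 \
        -dname "CN=localhost, OU=Dev, O=Example" \
        -ext "SAN=dns:localhost,ip:127.0.0.1" \
        -keystore "$ks" -storetype JKS \
        -storepass "$3" -keypass "$3" || return 1
    chmod 600 "$ks"   # holds the private key: readable by the server user only

    # 2. Export the certificate alone (public part) in PEM form.
    keytool -exportcert -alias "$2" -keystore "$ks" -storepass "$3" \
        -rfc -file "$cert" || return 1

    # 3. Import it into a separate truststore; -noprompt skips the yes/no question.
    keytool -importcert -alias "$2" -file "$cert" -keystore "$ts" \
        -storetype JKS -storepass "$4" -noprompt || return 1
}

# Prints the entry type stored under an alias: PrivateKeyEntry or trustedCertEntry.
entry_type() {  # args: store-file alias store-pass
    keytool -list -alias "$2" -keystore "$1" -storepass "$3" 2>/dev/null |
        grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Run only when called with four arguments, e.g.:
#   sh make_dev_stores.sh . name1 password truststorepassword
if [ "$#" -eq 4 ]; then
    make_dev_stores "$@" &&
    echo "keystore:   $(entry_type "$1/$2.keystore" "$2" "$3")" &&
    echo "truststore: $(entry_type "$1/$2.truststore" "$2" "$4")"
fi
```

The keystore should report PrivateKeyEntry and the truststore trustedCertEntry; only the truststore and the .cert file are meant to be handed to clients.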
First you must understand that keytool handles Java keystore files, which are an Oracle container format for certificates and keys (see this post). Note that each entry in a keystore will have an alias you must refer to when manipulating the keystore. So when you run:
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
you're basically creating a keystore which contains a self-signed certificate aliased as 'selfsigned'. If you need the actual certificate file you may export it from the keystore with:
keytool -exportcert -keystore /path/to/keystore.jks -storepass <password> -alias selfsigned -file ./name.cer
as already mentioned. But you don't need to. Following the instructions in the Configuration section in Tomcat's documentation, all you need to do is to create the keystore and configure the server to use it by editing the NIO connector:
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="path/to/keystore.jks" keystorePass="<the password>"
clientAuth="false" sslProtocol="TLS"/>
Make sure the user running Tomcat has read permissions on the keystore.
To generate a self-signed certificate, you do keytool -genkey as is explained here. Then, if you want the certificate in a .cer file, you can export it using keytool -exportcert. Example:
keytool -exportcert -keystore /path/to/keystore.jks -storepass <password> -alias <name> -file ./name.cer