I would like to securely exchange data between my own servers and these will not leave the internal domain. For this, I would like to:
Generate keys for keystore.
Generate a CSR using Keytool, specify the key above.
Import the response into my default cacerts file so that I can refer to that as my truststore.
So:
keytool -genkeypair -alias mykeys -keystore mykeystore.jks -keypass changeit -storepass changeit -keysize 1024 -noprompt
keytool -certreq -alias myinternalcert -keystore mykeystore.jks -storepass changeit -file myinternalcert.csr
It throws the following error:
keytool error: java.lang.Exception: Alias <myinternalcert> does not exist
I tried to seek examples in Oracle's blog and it looks like this is the way to correctly generate a CSR - but for my case it's all errors :)
The only thing I understand about SSL so far is:
Keystore - I want to authenticate myself to another server/client and my private key is in my keystore. I will also use this to sign my certificates.
Trust store - this is to determine whether the information I am receiving is from a legit source, i.e. do I trust them. I store certificates here.
Okay - My own fault.
Actually the alias is the same alias created for the keystore. Thanks to this post on Digital Ocean.
The keytool -certreq -help doesn't really print out clear information:
Options:
-alias <alias> alias name of the entry to process (should have been "Alias of the keystore entry being used")
-sigalg <sigalg> signature algorithm name
-file <filename> output file name
-keypass <arg> key password
-keystore <keystore> keystore name
-dname <dname> distinguished name
-storepass <arg> keystore password
-storetype <storetype> keystore type
-providername <providername> provider name
-providerclass <providerclass> provider class name
-providerarg <arg> provider argument
-providerpath <pathlist> provider classpath
-v verbose output
-protected password through protected mechanism
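The alias mismatch described above can be caught before keytool -certreq runs. The script below is an added example, not part of the original post: the function names, the distinguished name, the demo password and the KS_PASS variable are assumptions, and it uses a 2048-bit RSA key and keytool's -storepass:env form so the password stays off the command line.

```shell
#!/bin/sh
# Added example: function names, DN, password and file names are constructed.
# The password is read from the KS_PASS environment variable (-storepass:env),
# so it does not show up in the process list or shell history.

# has_alias KEYSTORE ALIAS: exit 0 only if the entry exists in the keystore
has_alias() {
    keytool -list -keystore "$1" -alias "$2" -storepass:env KS_PASS >/dev/null 2>&1
}

# new_keypair KEYSTORE ALIAS: create a 2048-bit RSA key entry under ALIAS
new_keypair() {
    keytool -genkeypair -keystore "$1" -alias "$2" \
        -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=server1.internal.example" \
        -storepass:env KS_PASS -keypass:env KS_PASS
}

# make_csr KEYSTORE ALIAS OUTFILE: write a CSR for the key stored under ALIAS
make_csr() {
    if ! has_alias "$1" "$2"; then
        echo "alias '$2' is not in $1; entries present:" >&2
        keytool -list -keystore "$1" -storepass:env KS_PASS >&2
        return 1
    fi
    keytool -certreq -keystore "$1" -alias "$2" -file "$3" \
        -storepass:env KS_PASS -keypass:env KS_PASS
}

demo() {
    dir=$(mktemp -d) || return 1
    KS_PASS='constructed-demo-pass'; export KS_PASS
    new_keypair "$dir/mykeystore.jks" mykeys || return 1
    # Refused: the CSR alias must be the alias given to -genkeypair.
    make_csr "$dir/mykeystore.jks" myinternalcert "$dir/bad.csr"
    # Accepted: same alias as the key entry; print the request to inspect it.
    make_csr "$dir/mykeystore.jks" mykeys "$dir/mykeys.csr" &&
        keytool -printcertreq -file "$dir/mykeys.csr"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument demo to see the refused and the accepted request side by side.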