I want to generate a self-signed trusted certificate and a CSR, and sign the CSR with the trusted certificate created. I am trying it with keytool. In the first step I create a trusted certificate using the command below,
keytool -genkey -alias mytrustCA -keyalg RSA -keystore keystore.jks -keysize 1024
where it puts the certificate into the keystore. How can I store it to a file? And when I list the contents using
keytool -list -v -keystore cert/test.keystore
the certificate created with the above "genkey" command has the entry type "PrivateKeyEntry". How can I create a trusted cert entry?
Best Answer
In your first command, you have used the -genkey option to generate the keystore named keystore.jks. To export the certificate to a .CER format file, you will need to use the -export option of keytool. An example is:
This will generate a file named mytrustCA.cer.
To generate a certificate request to send to a CA for obtaining a signed certificate, you will need to use the -certreq option of keytool. An example is:
This will ask for the keystore password and on successful authentication, it will show the certificate request as given below (a sample).
You will need to send this certificate request or paste it into the Digital Certificate signer webpage. Alternatively, you can even redirect this output to a file instead of the console as follows:
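An added example (not part of the original question or answer) that carries the whole flow through keytool: export the self-signed certificate to a file, create a CSR, sign it with the mytrustCA key, and import the CA certificate into a second keystore, where it becomes a trustedCertEntry. The password, distinguished names, the "server" alias and the files server.jks, server.csr, server.cer and truststore.jks are constructed for illustration, and the keys are 2048-bit RSA rather than the question's 1024.

```shell
#!/bin/sh
# Added example. Constructed values: password, DNs, the "server" alias and the
# files server.jks, server.csr, server.cer, truststore.jks.
# -genkeypair/-exportcert/-importcert are the current names of -genkey/-export/-import.
PASS=changeit   # demo password only

kt() { keytool -J-Duser.language=en "$@" -storepass "$PASS"; }

make_ca() {    # $1 = work dir. Self-signed CA key pair, then its certificate as a file.
  # -ext bc:c marks the certificate as a CA (critical BasicConstraints).
  kt -genkeypair -alias mytrustCA -keyalg RSA -keysize 2048 -validity 365 \
     -dname "CN=Demo Trust CA" -ext bc:c \
     -keystore "$1/keystore.jks" -keypass "$PASS" &&
  kt -exportcert -alias mytrustCA -rfc -file "$1/mytrustCA.cer" \
     -keystore "$1/keystore.jks"
}

make_csr() {   # Separate key pair for the subject, then a PKCS#10 request file.
  kt -genkeypair -alias server -keyalg RSA -keysize 2048 \
     -dname "CN=server.example.test" \
     -keystore "$1/server.jks" -keypass "$PASS" &&
  kt -certreq -alias server -file "$1/server.csr" -keystore "$1/server.jks"
}

sign_csr() {   # The CA's PrivateKeyEntry signs the request (-gencert, Java 7+).
  kt -gencert -alias mytrustCA -infile "$1/server.csr" -outfile "$1/server.cer" \
     -rfc -validity 90 -keystore "$1/keystore.jks"
}

import_trusted() {  # Importing a certificate under a new alias yields a trustedCertEntry.
  kt -importcert -noprompt -alias mytrustCA -file "$1/mytrustCA.cer" \
     -keystore "$1/truststore.jks"
}

entry_type() { # $1 = keystore, $2 = alias. Prints the "Entry type" from -list -v.
  kt -list -v -alias "$2" -keystore "$1" | sed -n 's/^Entry type: //p'
}

run_demo() {   # e.g. run_demo "$(mktemp -d)"
  make_ca "$1" && make_csr "$1" && sign_csr "$1" && import_trusted "$1" &&
  entry_type "$1/keystore.jks" mytrustCA && entry_type "$1/truststore.jks" mytrustCA
}
```

The same alias is a PrivateKeyEntry in keystore.jks, because the private key lives there, and a trustedCertEntry in truststore.jks, which holds only the certificate.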