
I got my keystore file of JKS type using keytool commands. Now I need to get a self-signed certificate to test during development. I am unable to understand how to generate the certificate; I tried using keytool commands but I am getting exceptions like "illegal option, file not found". So, can anyone please specify the right way to do it? I have followed apacheSSLconfig but I couldn't get the .cer file with those commands. Thanks in advance



1. Creating keystore

keytool -genkey -alias name1 -keyalg RSA -keystore name1.keystore -storepass password -keypass keypassword -storetype JKS -keysize 1024

name1 - alias name (you can give your own alias)
name1.keystore - keystore file name to be created (you can specify location like c:\name1.keystore)
password - keystore password
keypassword - keystore key password (private key)

2. Export certificate

keytool -export -alias name1 -keystore name1.keystore -rfc -file name1.cert -storepass password

name1.keystore - keystore location
name1.cert - Certificate name to be exported (you can specify the full path to where you want to export the certificate)
password - keystore password

3. Import Certificate to Truststore

keytool -import -alias name1 -file name1.cert -keystore name1.TrustStore -storepass truststorepassword

name1.cert - location of the certificate exported in the previous step.
name1.TrustStore - Truststore name (can specify full path)
truststorepassword - Trust store password

Kumar
  • Thanks, I am done with steps 1 and 2. Is it necessary to implement the third step too, as I am trying for a self-signed certificate to test my application locally? – Amrutha Ambadipudi May 28 '15 at 05:42
  • The third step is necessary for server/client applications. The client should have a truststore to connect with the server or other client SSL services. – Kumar May 28 '15 at 05:56
  • Refer [this](http://javarevisited.blogspot.in/2012/09/difference-between-truststore-vs-keyStore-Java-SSL.html) – Kumar May 28 '15 at 06:00
  • You'll need the server cert if you want to use it in an Android app. For browsers it is not mandatory but you'll get a biiiig warning message saying they don't know you. – Grasshopper May 28 '15 at 10:07
  • @Grasshopper Thanks. For browsers, you need to add the certificate to trusted location in your machine to avoid such warning messages. – Kumar May 28 '15 at 10:18
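The three steps in the answer above, as an added example that is not part of the original answer: a POSIX shell script that runs them non-interactively in a scratch directory and then verifies that the entry in the truststore is the same certificate as the one in the keystore by comparing the fingerprints that keytool -list reports. It assumes a JDK keytool on PATH; the alias, passwords and the -dname value are constructed placeholders. It uses -genkeypair/-exportcert/-importcert (the current names of -genkey/-export/-import), 2048-bit RSA with SHA-256 instead of the 1024-bit key shown above, and -dname plus -noprompt so that no interactive questions are asked.

```shell
#!/bin/sh
# Added example, not code from the answers above. Assumes a JDK keytool on PATH.
set -eu

# Run create -> export -> import under directory $1 and verify the result.
# Prints the certificate fingerprint on success; returns non-zero on failure.
build_test_pki() {
    dir="$1"
    entry_alias="name1"              # constructed placeholder alias
    store_pw="changeit-store"        # constructed; keystore password
    key_pw="changeit-key"            # constructed; private-key password
    trust_pw="changeit-trust"        # constructed; truststore password
    mkdir -p "$dir"

    # Step 1: keystore holding a self-signed key pair. -dname replaces the
    # interactive prompts; -storetype JKS keeps the separate key password legal
    # on JDK 9+, whose default PKCS12 type requires keypass == storepass.
    keytool -genkeypair -alias "$entry_alias" -keyalg RSA -keysize 2048 \
        -sigalg SHA256withRSA -validity 365 \
        -dname "CN=localhost, OU=dev, O=example, C=US" \
        -keystore "$dir/$entry_alias.keystore" -storetype JKS \
        -storepass "$store_pw" -keypass "$key_pw" >/dev/null 2>&1

    # Step 2: export the public certificate; -rfc writes PEM instead of DER.
    keytool -exportcert -alias "$entry_alias" \
        -keystore "$dir/$entry_alias.keystore" -storepass "$store_pw" \
        -rfc -file "$dir/$entry_alias.cert" >/dev/null 2>&1

    # Step 3: import it into a separate truststore. -noprompt answers the
    # "Trust this certificate?" question so the run stays non-interactive.
    keytool -importcert -alias "$entry_alias" -file "$dir/$entry_alias.cert" \
        -keystore "$dir/$entry_alias.truststore" -storetype JKS \
        -storepass "$trust_pw" -noprompt >/dev/null 2>&1

    # Verify: the trusted cert entry must carry the same fingerprint as the
    # private key entry, i.e. the truststore really holds our own certificate.
    ks_fp=$(fingerprint_of "$dir/$entry_alias.keystore" "$store_pw" "$entry_alias")
    ts_fp=$(fingerprint_of "$dir/$entry_alias.truststore" "$trust_pw" "$entry_alias")
    [ -n "$ks_fp" ] || return 1
    [ "$ks_fp" = "$ts_fp" ] || return 1
    printf '%s\n' "$ks_fp"
}

# Extract the fingerprint keytool -list prints for one alias (SHA-256 on
# JDK 9+, SHA1 on JDK 8); arguments: keystore path, store password, alias.
fingerprint_of() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null \
        | sed -n 's/.*fingerprint ([^)]*): *//p' | head -n 1
}
```

Run it as `build_test_pki /tmp/devpki` and you get a keystore for the server side, a PEM certificate, and a truststore for the client side, with the fingerprint printed so it can be compared against what a browser or client shows when it connects.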

First you must understand that keytool handles Java keystore files, which are an Oracle container format for certificates and keys (see this post). Note that each entry in a keystore has an alias you must refer to when manipulating the keystore. So when you run:

keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048

you're basically creating a keystore which contains a self-signed certificate aliased as 'selfsigned'. If you need the actual certificate file you may export it from the keystore with:

keytool -exportcert -keystore /path/to/keystore.jks -storepass <password> -alias selfsigned -file ./name.cer

as already mentioned. But you don't need to. Following the instructions in the Configuration section in Tomcat's documentation all you need to do is to create the keystore and configure the server to use it by editing the NIO connector:

<Connector
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       port="8443" maxThreads="200"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="path/to/keystore.jks" keystorePass="<the password>"
       clientAuth="false" sslProtocol="TLS"/>

Make sure the user running Tomcat has read permissions on the keystore.

Grasshopper

To generate a self-signed certificate, you do keytool -genkey as is explained here. Then, if you want the certificate in a .cer file, you can export it using keytool -exportcert. Example:

keytool -exportcert -keystore /path/to/keystore.jks -storepass <password> -alias <name> -file ./name.cer
Sharon Ben Asher