1

I used following command to generate a jks file to setup https connection in a tomcat server. But I have to add "Secuity Exceptions" whenever I accessing the tomcat server using browser. 

keytool -genkey -alias tomcat -keylag RSA -keystore keystore.jks

I think, I should create another public key certificate and import it into browser to create a secure connection. How do I create the public key certificate for the jks key?

user207421
  • 305,947
  • 44
  • 307
  • 483
Sameera Kumarasingha
  • 2,908
  • 3
  • 25
  • 41
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) – jww Mar 17 '17 at 19:46
  • 1
    There was lots of comments about your question here. What happened to those? Only thing I see, there are 814 questions tagged for key-tool in stackoverflow. I don't know why you keep commenting the same thing here. – Sameera Kumarasingha Mar 17 '17 at 19:56
  • *"I don't know why you keep commenting the same thing here"* - Its not personal; its for user education. Stack Overflow does not do a good job at educating users. The hope is a future visitor will learn the purpose of the site and the alternatives if their question is off-topic. – jww Mar 17 '17 at 20:04
  • 1
    No. I didn't take it personal. But then questions like this, which related to OpenSSL should also be an off-topic questions. http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl/27931596#27931596. Same question, different tools. – Sameera Kumarasingha Mar 17 '17 at 20:13
  • Yeah, fair enough. In the old days, I would cast a close vote without a custom reason. If the community did not close it, then the votes got dropped over time and no user education occurred. Now I use the custom close reason. It sticks after the close votes are dropped. – jww Mar 17 '17 at 20:29
  • The ones that bother me are from 2008-2011. The site rules were different back then, and a lot of questions were on-topic then (and off-topic now). I don't move against them because I don't think its fair to the poster. But I've seen the community go after them. – jww Mar 17 '17 at 20:31

1 Answers1

2

You can do this with the -export option. See the documentation. However self-signed certificates are a complete waste of time, especially now that SSL certificates can be obtained free. Get it signed. This also is documented.

user207421
  • 305,947
  • 44
  • 307
  • 483