Page Comparison

Generate a key pair for the server/service.

Code Block
$ keytool -genkey -alias server -keyalg RSA -keystore ./Server.jks -storetype PKCS12

alias = name of the key, for example, server
keystore = name of the keystore, for example, server.jks When prompted for first and last name the hostname where the certificate is valid should be entered, e.g. localhost. Other values can be anything.

Generate a Certificate Signing Request (CSR) so that we can get server's certificate get signed by a CA.

Code Block
$ keytool -certreq -alias server -keystore Server.jks -file Server.csr

Get the certificate signed by our the CA, Test CA in these example. See this page on how to set up a CA.

Code Block
$ openssl x509 -CA caroot.cer -CAkey cakey.pem -CAserial serial.txt -req -in Server.csr -out Server.cer -days 365

CA, CAkey and CAserial are files generated when setting up the CA.

Import the Test CA's root self signed certificate in server key store as a trusted certificate.

Code Block
$ keytool -import -alias TestCA -file caroot.cer -keystore Server.jks

...

Version	Old Version 7	New Version 8
Changes made by	Henrik Pålsson	Former user
Saved on	Oct 07, 2021	Oct 15, 2021

Versions Compared

Key