Last active
June 5, 2019 19:57
This gist shows how to create a self-signed certificate (bob) and use it to sign another one (alice). An application then only needs to know the public key of bob in order to trust alice, too. The Java Keytool is used.
rem # create a new self-signed certificate inside the keystore bob.jks. This will act as issuer for the other certificate
rem # It is important to add the BasicConstraints extension so the certificate is marked as a Certificate Authority
rem # (bc:c; with no value keytool defaults to ca:true, and :c marks the extension critical)
rem # Otherwise tools like the JVM will not accept other certificates issued by this one
keytool -genkey -alias bob -keyalg RSA -keypass changeit -storepass changeit -keystore bob.jks -dname CN=bob -ext bc:c
rem # create another self-signed certificate, for which we will create a Certificate Signing Request (CSR)
keytool -genkey -alias alice -keyalg RSA -keypass changeit -storepass changeit -keystore alice.jks -dname CN=alice
rem # export bob's public key so it can be used by others
keytool -exportcert -alias bob -keystore bob.jks -storepass changeit -file bob.cer
rem # import bob's public key into the key store of alice, so she can trust him
keytool -importcert -keystore .\alice.jks -storepass changeit -file bob.cer -alias bob -noprompt
rem # create a new Certificate Signing Request (CSR) for alice
keytool -certreq -alias alice -keystore .\alice.jks -storepass changeit -file alice.csr
rem # sign the CSR from alice using bob's private key
keytool -gencert -infile .\alice.csr -outfile .\alice.cer -alias bob -keystore .\bob.jks -storepass changeit
rem # reimport the certificate signed by bob into the key store of alice
keytool -importcert -file alice.cer -alias alice -keypass changeit -keystore .\alice.jks -storepass changeit
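
To check the result, the following added example (not part of the original gist) loads alice.jks and validates alice's certificate with bob.cer as the only trust anchor. It assumes Java 9 or later, the file names and password from the script above, and the same working directory; the class name VerifyAliceChain is made up for this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

public class VerifyAliceChain {
    public static void main(String[] args) throws Exception {
        char[] storePass = "changeit".toCharArray(); // password used in the script

        // The verifier knows nothing but bob's exported certificate.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate bob;
        try (InputStream in = new FileInputStream("bob.cer")) {
            bob = (X509Certificate) cf.generateCertificate(in);
        }
        // Explicit check added here: getBasicConstraints() returns -1
        // when the certificate is not marked as a CA (the -ext bc:c step).
        if (bob.getBasicConstraints() < 0) {
            throw new IllegalStateException("bob.cer is not marked ca:true");
        }

        // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12,
        // so it works whichever format keytool wrote into alice.jks.
        KeyStore aliceStore = KeyStore.getInstance(new File("alice.jks"), storePass);

        // After the final -importcert, the key entry should hold [alice, bob].
        Certificate[] chain = aliceStore.getCertificateChain("alice");
        if (chain == null || chain.length < 2) {
            throw new IllegalStateException("alice still has only a self-signed certificate");
        }

        // Validate alice's certificate alone; the path must end at bob.
        CertPath path = cf.generateCertPath(Collections.singletonList(chain[0]));
        PKIXParameters params =
                new PKIXParameters(Collections.singleton(new TrustAnchor(bob, null)));
        params.setRevocationEnabled(false); // this test CA publishes no CRL/OCSP

        // Throws CertPathValidatorException on a bad signature, expiry, etc.
        CertPathValidator.getInstance("PKIX").validate(path, params);

        X509Certificate alice = (X509Certificate) chain[0];
        System.out.println("OK: " + alice.getSubjectX500Principal()
                + " issued by " + alice.getIssuerX500Principal());
    }
}
```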