Create a keystore with a CA-signed PrivateKeyEntry
I would like to refresh a small Java keystore, updating dates to 10 years in the future.
My keystore contains 2 entries, seen with keytool -v -list:
Alias name: myCA
Creation date: Feb 5, 2018
Entry type: trustedCertEntry
...
Owner: contains all properties needed for myCA ...
Issuer: same properties as myCA (so self-signed certificate)
...
Alias name: myHost
Creation date: Feb 5, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=myhost, etc ...
Issuer: same properties as myCA
...
Certificate[2]:
Owner: same properties as myCA
Issuer: same properties as myCA
...
I only managed to create 2 entries of type trustedCertEntry in my new keystore; I would like to create a trustedCertEntry and a PrivateKeyEntry.
What commands can I use to create a myCA-signed private key and add it to the new keystore?
PS: Will peers that today validate the myCA self-signed certificate validate the new one if I only use the same properties for myCA? Is that enough?
Solution 1:[1]
With patience ....
openssl pkcs12 -export -out temp.p12 -inkey myHost.key -in myHost.crt -certfile myCA.crt
keytool -v -importkeystore -srckeystore temp.p12 -srcstoretype PKCS12 -destkeystore mystore
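The two commands above assume that myHost.key, myHost.crt and myCA.crt already exist. As an added example (not part of the original answer), the following sketch produces those files with OpenSSL and then performs the import; the subjects, the 2048-bit RSA keys and the STOREPASS environment variable are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example. Subjects, file names and STOREPASS are constructed placeholders.
# STOREPASS must be exported (6+ characters); it is read from the environment
# so the password does not appear in the process list.

make_chain() {             # $1 = working directory
    (
        cd "$1" || exit 1
        umask 077          # -nodes writes unencrypted private keys
        days=3650          # about 10 years, as the question asks
        # 1. CA key and self-signed CA certificate
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -subj "/CN=myCA" -keyout myCA.key -out myCA.crt 2>/dev/null &&
        # 2. Host key and certificate signing request
        openssl req -newkey rsa:2048 -nodes -subj "/CN=myhost" \
            -keyout myHost.key -out myHost.csr 2>/dev/null &&
        # 3. The CA signs the request
        openssl x509 -req -sha256 -days "$days" -in myHost.csr \
            -CA myCA.crt -CAkey myCA.key -CAcreateserial \
            -out myHost.crt 2>/dev/null &&
        # 4. Check the chain before packaging it
        openssl verify -CAfile myCA.crt myHost.crt >/dev/null &&
        # 5. Key + host certificate + CA certificate in one PKCS#12 file
        openssl pkcs12 -export -name myHost -out temp.p12 \
            -inkey myHost.key -in myHost.crt -certfile myCA.crt \
            -passout env:STOREPASS
    )
}

import_keystore() {        # $1 = working directory; requires a JDK keytool
    (
        cd "$1" || exit 1
        # PrivateKeyEntry with a certificate chain of length 2
        keytool -importkeystore -noprompt \
            -srckeystore temp.p12 -srcstoretype PKCS12 \
            -srcstorepass:env STOREPASS \
            -destkeystore mystore -deststorepass:env STOREPASS &&
        # Separate trustedCertEntry for the CA, as in the old keystore
        keytool -importcert -noprompt -alias myCA -file myCA.crt \
            -keystore mystore -storepass:env STOREPASS &&
        keytool -list -v -keystore mystore -storepass:env STOREPASS
    )
}

# Usage: STOREPASS=... ; export STOREPASS ; make_chain . && import_keystore .
```

A host certificate used for TLS normally also needs a subjectAltName extension, which this example leaves out.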
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | troubadour |
