Sometimes there is a need to use a private/public key pair for authentication or verification. SSH and other secure commands use a similar strategy.
The steps below create two files. The file keystore.jks holds the private key that is used to sign a piece of data. keystore.jks is a private file and should be secured. The file customer.jks contains the certificate, which wraps the corresponding public key.
The file customer.jks is public and can be used to verify the signature produced with the private key from keystore.jks.
1. Create a JKS file to hold the private key and the certificate (which wraps the public key)
keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
2. Export the certificate from the keystore file created in the previous step to a file called mydomain.crt
keytool -export -alias selfsigned -file mydomain.crt -keystore keystore.jks
3. Create a new JKS file to hold the certificate exported in the previous step
keytool -genkey -keyalg RSA -alias blah -keystore customer.jks -storepass password -validity 360 -keysize 2048
4. Now import the exported certificate into customer.jks
keytool -importcert -alias selfsigned -file mydomain.crt -keystore customer.jks
5. Verify that customer.jks contains a certificate with the alias selfsigned
keytool -list -v -keystore customer.jks
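How the two files are used once they exist, as an added example that is not part of the original post: the signer reads the private key from keystore.jks and the verifier reads only the certificate from customer.jks. Assumptions: both files are in the working directory, the key password equals the store password, Java 9 or later is used, and the class name SignVerifyDemo, the SHA256withRSA algorithm and the sample messages are chosen here for illustration.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;

public class SignVerifyDemo {
    static final String ALIAS = "selfsigned";            // alias used in the steps above
    static final char[] PASS = "password".toCharArray(); // -storepass from the steps; key password assumed identical

    // Signer side: needs keystore.jks and its password.
    static byte[] sign(byte[] data) throws Exception {
        // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS or PKCS12 on its own
        KeyStore ks = KeyStore.getInstance(new File("keystore.jks"), PASS);
        PrivateKey key = (PrivateKey) ks.getKey(ALIAS, PASS);
        if (key == null) throw new IllegalStateException("no private key under alias " + ALIAS);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Verifier side: needs only customer.jks.
    static boolean verify(byte[] data, byte[] sig) throws Exception {
        KeyStore ks = KeyStore.getInstance(new File("customer.jks"), PASS);
        // The imported entry must be a certificate entry, not a key entry
        if (!ks.isCertificateEntry(ALIAS))
            throw new IllegalStateException(ALIAS + " is not a trusted-certificate entry");
        X509Certificate cert = (X509Certificate) ks.getCertificate(ALIAS);
        cert.checkValidity(); // throws once the -validity 360 window has passed
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(cert.getPublicKey());
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages
        byte[] msg = "order-1234: ship 10 units".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "order-1234: ship 99 units".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(msg);
        System.out.println("original verifies: " + verify(msg, sig));
        System.out.println("tampered verifies: " + verify(tampered, sig));
    }
}
```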