![]() ![]() In the new keystore, choose Tools > Import Key Pair.When prompted, choose Create a new KeyStore.It overcomes some of the limitations of keytool, such as the ability to import public/private key-pairs. Keystore Explorer is a free, open-source, GUI replacement for the Java command-line utility keytool. Download and install Keystore Explorer, if you haven't already.When this step is completed, you will have a number of certificate files provided by your CA, the newly created chain-certificate.pem, and the host-key.pem file generated in step 1 which contains the private key . Root CA certificates will be self-signed, meaning the issuing and subject fields will match. The issuing field of the certificate will match the subject field of the certificate which signed it. If in doubt as to the order in which certificates were signed, the certificates can be examined (double click in Windows) and the subject and issuing fields inspected. For example, the chain file for a certificate signed by a CA using two intermediate certificates would look something like this: ![]() The first item in that new file should be the contents of the root CA certificate, followed by the first intermediate certificate, followed by any other intermediate certificates, and then lastly, the host certificate. In order to build the chain file ( chain-certificate.pem) , copy the contents of the certificate file, including the header and footer lines, into a new file. If you open each certificate in a text editor, you will find the certificate data is wrapped in a BEGIN and END header/footer as illustrated here: There may not be intermediate CA certificates, but if there are, they must be included in the chain in the correct order. We must copy the contents of each certificate into a new file, which we will call chain-certificate.pem, in the order in which they signed each other. This chain is of the form root CA certificate > zero or more Intermediate CA certificate(s) > Host certificate (referred to as end-point or leaf).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |