The example in this section shows how to create a Certificate SigningRequest with keytool and generate a signedcertificate for the Certificate Signing Request with the CA created in theprevious section. The steps shown in this section, for generating a KeyStore and a Certificate Signing Request, werealready explained under Creating a KeyStore in JKS Format.
Aug 22, 2014 The MMC is now loaded with the Certificates snap-in. Expand Certificates- and click on 'Personal'- 'Certificates' 8. Right click the appropriate CA cert and choose 'All Tasks'- 'Export' The Certificate Export Wizard will launch 9. Click 'Next'- Select 'Yes, Export the private key'- 'Next' 10. Uncheck all of the options here. I followed steps from digcert I created private key file, Certificate Request CSR file. I sent Certificate Request to CA and got my signed CSR back. But CA sent me a bundle with two certificates, one is my certificate signed by CA and second is CA Certificate.(1. Starxyxabccom crt file, 2.DigiCertCA crt file).
No details are given here for the keytool commands.See Creating a KeyStore in JKS Format formore information.
Perform the following operations from the command line.
Generate the Certificate Signing Request.
Cleanmymacx key generator online free. Generate a signed certificate for the associated Certificate SigningRequest.
Use the keytool to import the CA certificate into the client keystore.
Use the keytool to import the signed certificate for the associatedclient alias in the keystore.
The following error will be generated if there is no certificatechain in the client certificate.
This error is because the CA’s certificate was not imported intothe KeyStore first. You must import theCA's certificate (step 4), then import the client.cer file itself to forma certificate chain (step 5).
Now that we have a private key and an associating certificate chainin the KeyStore clientkeystore, we canuse it as a KeyStore for client (adapter)authentication. The only warning is that the CA certificate must be importedinto the trusted certificate store of the web server to which you will beconnecting. Moreover, the web server must be configured for client authentication(httpd.conf for Apache, for example).