x509 certificate subject DN - ssl

I need to create a self-signed certificate with my own Subject DN. Example: I want to set a username in the Subject DN. I will retrieve this information using
X509Certificate.getSubjectDN().getName().
I was able to set the IssuerDN using the -dname option of keytool.
keytool -genkey -keyalg RSA -dname "CN=MyApp ACES CA 2, OU=MyApp Public Sector, O=MyApp, C=US" -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
getIssuerDN().getName()
getSubjectDN().getName()
prints the following:
CN=MyApp ACES CA 2, OU=MyApp Public Sector, O=MyApp, C=US
CN=MyApp ACES CA 2, OU=MyApp Public Sector, O=MyApp, C=US
Not sure how to set the Subject DN using java keytool or openssl.
Thanks

Related

Generate CSR without any extra attributes in distinguished name (DN) except common name and country

My domain provider only allows me to set common name and country in the CSR, but with keytool empty attributes will always be set to [Unknown].
Is there a possibility to set these attributes empty?
Or can I generate a CSR for GlassFish with OpenSSL?
There is an option to supply the DN value as you wish, instead of the keytool constructing it for you.
You could use the -dname option, like this:
keytool -genkeypair -keystore test.jks -storepass password -dname 'CN=localhost,C=US' -keyalg rsa -keysize 2048
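Both the Subject DN question at the top of the page and the minimal-CSR question above come down to supplying the DN yourself. The script below is an added example, not code from either post: it does the same thing with openssl instead of keytool and reads the DN back in RFC 2253 form, which is the attribute order Java's getSubjectDN().getName() prints (Java additionally puts a space after each comma). It assumes openssl 1.1 or later on the PATH; the names alice, MyApp and svc.example.test are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): set the Subject DN explicitly with openssl,
# then read it back. Assumes openssl >= 1.1 on PATH. All names are constructed.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# 1. Self-signed certificate with a username in CN. openssl takes the DN in slash
#    form, most general attribute first, so "/C=US/O=MyApp/OU=Users/CN=alice" is
#    keytool's -dname "CN=alice, OU=Users, O=MyApp, C=US". Self-signed means the
#    Issuer DN is the Subject DN, which is why both lines in the question matched.
make_self_signed() {   # $1 = DN in openssl slash form
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 -subj "$1" \
    -keyout "$WORK/user.key" -out "$WORK/user.crt" 2>/dev/null
}
cert_subject() { openssl x509 -in "$WORK/user.crt" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
cert_issuer()  { openssl x509 -in "$WORK/user.crt" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# 2. CSR with only CN and C: openssl writes exactly the RDNs you name, with no
#    "Unknown" placeholders for OU/O/L/ST the way keytool's interactive prompts do.
make_min_csr() {   # $1 = common name, $2 = two-letter country
  openssl req -new -newkey rsa:2048 -nodes -subj "/C=$2/CN=$1" \
    -keyout "$WORK/req.key" -out "$WORK/req.csr" 2>/dev/null
}
csr_subject()   { openssl req -in "$WORK/req.csr" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
# Number of RDNs in the CSR subject (the demo values contain no escaped commas).
csr_rdn_count() { csr_subject | tr ',' '\n' | wc -l | tr -d ' '; }

make_self_signed "/C=US/O=MyApp/OU=Users/CN=alice"
echo "cert subject: $(cert_subject)"
echo "cert issuer:  $(cert_issuer)"
make_min_csr svc.example.test US
echo "csr subject:  $(csr_subject)  [$(csr_rdn_count) RDNs]"
```

Run it with sh; the certificate subject and issuer print as the same string, and the CSR subject shows only the two RDNs that were requested. Whatever goes into -subj here is what the CA will see, so keep the attribute set to what your CA's policy actually validates.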

How to generate trusted self signed certificate with SHA2 signing algorithm using keytool?

I am trying to establish a secure connection for my application using the Jetty HTTP server version 8.1.8.v20121106 with a self-signed certificate.
I am generating the self-signed certificate with the following commands:
keytool -genkey -alias mykey -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keypass password -keystore keystore.jks -storepass password
keytool -export -alias mykey -file server.cer -keystore keystore.jks -storepass password
keytool -import -alias mykey -file server.cer -keystore truststore.jks -storepass password
So, in total 3 files are generated (keystore.jks, server.cer, truststore.jks).
After the server starts, I get the following error in my browser: There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).
Could anyone help me to generate a trusted self-signed certificate using keytool?
Thanks in advance.
It is a problem with the Java JDK. I have verified using Java 1.8 and jdk1.7.0_79 and it is working fine for me. Change your Java JDK version and verify. For further clarification, please refer to this link.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=398644
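ERR_CERT_AUTHORITY_INVALID is the browser saying it holds no trust anchor for the certificate's issuer, and a self-signed certificate is its own issuer; the signing algorithm does not enter into that decision. The script below is an added example, not from the question or the answer and not a keytool recipe: it reproduces the browser's decision with openssl verify, once with no trust store and once with the certificate itself supplied as the anchor (which is what importing it into the browser or OS store achieves), and it reads the signature algorithm back so you can confirm SHA-256 was actually used. It assumes openssl 1.1.1 or later on the PATH (for -addext); CN=localhost is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): why a SHA-256 self-signed cert still fails
# as "authority invalid", and how to check both properties offline.
# Assumes openssl >= 1.1.1 on PATH; the certificate below is constructed here.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
CRT="$WORK/server.crt"

# Self-signed server certificate, SHA-256 signature, with a SAN (browsers ignore
# CN for host matching, so a SAN is needed even once trust is sorted out).
make_server_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost" \
    -keyout "$WORK/server.key" -out "$CRT" 2>/dev/null
}

# Signature algorithm as recorded in the certificate, e.g. sha256WithRSAEncryption.
sig_alg() {
  openssl x509 -in "$CRT" -noout -text | awk -F': *' '/Signature Algorithm/ { print $2; exit }'
}

# Chain validation against an explicit trust store. An empty argument means "no
# trust anchors at all", which is the browser's position for a cert it has never
# been told to trust. Prints "trusted" or "untrusted".
verify_with_anchor() {   # $1 = PEM file of trusted roots, or ""
  if [ -n "$1" ]; then
    openssl verify -no-CAfile -no-CApath -CAfile "$1" "$CRT" >/dev/null 2>&1 && echo trusted || echo untrusted
  else
    openssl verify -no-CAfile -no-CApath "$CRT" >/dev/null 2>&1 && echo trusted || echo untrusted
  fi
}

make_server_cert
echo "signature algorithm: $(sig_alg)"
echo "no trust anchor:     $(verify_with_anchor '')"       # untrusted: this is ERR_CERT_AUTHORITY_INVALID
echo "cert as anchor:      $(verify_with_anchor "$CRT")"   # trusted: the effect of importing it into the browser/OS store
```

The first verify fails with "self signed certificate" regardless of how strong the signature is; the second succeeds only because the exact certificate was handed over as a root. That is the only route to a "trusted" self-signed certificate: distribute it out of band to every client's trust store, or have a CA the clients already trust sign the CSR instead.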

QuickFIX initiator certificates are not required to establish SSL communication with the acceptor

I've been working on a client API using QuickFIX and I'm planning to use SSL and certificate-based authentication. I generated self-signed certificates for the acceptor and initiator the following way:
1) Generate and export server/acceptor certificate:
keytool -genkeypair -keyalg RSA -keysize 2048 -alias server -keystore server.jks
keytool -export -alias server -file server.cer -keystore server.jks
2) Generate and export client/initiator certificate:
keytool -genkeypair -keyalg RSA -keysize 2048 -alias client -keystore client.jks
keytool -export -alias client -file client.cer -keystore client.jks
3) Import server/acceptor certificate to client keystore:
keytool -import -v -trustcacerts -alias server -file server.cer -keystore client.jks
4) Import client/initiator certificate to server/acceptor keystore:
keytool -import -v -trustcacerts -alias client -file client.cer -keystore server.jks
Acceptor config:
SocketUseSSL=Y
SocketKeyStore=server.jks
SocketKeyStorePassword=password
Initiator config:
SocketUseSSL=Y
SocketKeyStore=client.jks
SocketKeyStorePassword=password
Everything seems to work fine and data is getting encrypted. However, if I remove the initiator's client.jks keystore file, I get a QuickFIX log entry saying "client.jks: keystore not found, using empty keystore". Strangely, the initiator is still able to connect and establish a valid FIX session. I would have expected the connection to be dropped immediately since no valid certificate is provided. Am I missing something?
The client certificate is not required by default, you must set this:
NeedClientAuth=Y
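The behaviour in the question is ordinary one-way TLS: the acceptor proves its identity and the channel is encrypted, but nothing obliges the initiator to present a certificate, so a client with no keystore at all connects. The script below is an added example, not from the thread and not QuickFIX code: it runs openssl s_server over a Unix-domain socket, first without any client-certificate requirement (the original configuration) and then with -Verify, which is the openssl equivalent of NeedClientAuth=Y, and connects an initiator with and without a client certificate to each. It assumes openssl 1.1 or later on the PATH (for -unix) and a host that allows Unix sockets and background processes; the names acceptor and initiator are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the QuickFIX thread): what "client cert not required"
# means on the wire. Assumes openssl >= 1.1 (-unix) on PATH; names are constructed.
set -e
WORK="$(mktemp -d)"
SOCK="$WORK/tls.sock"
trap 'rm -rf "$WORK"' EXIT

gen_cert() {   # $1 = acceptor|initiator; self-signed key pair, like keytool -genkeypair
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

start_acceptor() {   # $@ = extra s_server flags; -www answers one HTTP GET per connection
  rm -f "$SOCK"
  openssl s_server -unix "$SOCK" -www -cert "$WORK/acceptor.crt" -key "$WORK/acceptor.key" "$@" \
    </dev/null >/dev/null 2>&1 &
  SRV_PID=$!
  n=0; while [ ! -S "$SOCK" ] && [ "$n" -lt 50 ]; do sleep 0.2; n=$((n+1)); done
  sleep 0.2   # let the server reach listen() before the first connect
}
stop_acceptor() { kill "$SRV_PID" 2>/dev/null || true; wait "$SRV_PID" 2>/dev/null || true; }

# Connect as the initiator; $@ = extra s_client flags (e.g. -cert/-key). TLS 1.2 is
# pinned so a refused client cert surfaces as a handshake failure (in TLS 1.3 the
# client only learns of it after its own Finished). Success is judged by whether the
# acceptor's HTTP response arrived, which only happens after a completed handshake.
initiator_connect() {
  out="$(printf 'GET / HTTP/1.0\r\n\r\n' | openssl s_client -unix "$SOCK" -tls1_2 -quiet \
          -CAfile "$WORK/acceptor.crt" -verify_return_error "$@" 2>/dev/null || true)"
  case "$out" in
    *"HTTP/1.0 200"*) echo connected ;;
    *)                echo rejected ;;
  esac
}

# Scenario 1: acceptor never asks for a client cert (the thread's config without
# NeedClientAuth). An initiator with no keystore at all gets in.
without_need_client_auth() {
  start_acceptor
  r="$(initiator_connect)"
  stop_acceptor
  echo "$r"
}

# Scenario 2: acceptor requires a cert that chains to its trust store
# (-Verify 1 -CAfile, the NeedClientAuth=Y equivalent). Prints "<no cert> <with cert>".
with_need_client_auth() {
  start_acceptor -Verify 1 -CAfile "$WORK/initiator.crt"
  none="$(initiator_connect)"
  cert="$(initiator_connect -cert "$WORK/initiator.crt" -key "$WORK/initiator.key")"
  stop_acceptor
  echo "$none $cert"
}

gen_cert acceptor
gen_cert initiator
echo "no NeedClientAuth, no client cert:     $(without_need_client_auth)"
echo "NeedClientAuth, without / with cert:   $(with_need_client_auth)"
```

Run it with sh; it takes a few seconds because of the key generation. The point to take from the second scenario is that "keystore not found, using empty keystore" on the initiator is harmless to connectivity until the acceptor is configured to demand a client certificate, and the trust store handed to the acceptor (here -CAfile, in QuickFIX the imported client certificate) decides which initiators are then accepted.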

Add e-mail to CSR generated with keytool

As per this: http://en.wikipedia.org/wiki/Certificate_signing_request the CSR can contain an email address.
My question is how can I add such an e-mail address field, considering I'm generating the CSR with keytool?
Thank you.
When generating the key pair you can pass the Distinguished Name as a parameter with the -dname flag and thus add the EMAILADDRESS attribute.
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 -dname "CN=Your Name, EMAILADDRESS=your.name@example.com, C=UK"

Create X.509 Authorization Certificate

Can we programmatically create an X.509 certificate which contains arbitrary attributes, e.g. Age, Gender, Designation, etc.?
I need to create an authorization certificate, which the client application will present to the server application before executing the required function.
I am using Java and C#, so any solution/suggestion is good for me.
Have a look at this site for a start.
Create keystore
keytool -genkey -alias youralias -keyalg RSA -keypass yourpassword123 -keystore yourKeystoreRSAMD5 -storepass store123 -sigalg MD5WITHRSA -validity 9999 -dname "CN=Common Name, OU=XYZ, O=Your company name, L=Your Town, S=Region, C=Countryname"
Export cert file in PEM format
keytool -export -alias youralias -file rsamd5YourKey.cer -keystore yourKeystoreRSAMD5 -storepass store123