Cryptography Tutorials - Herong's Tutorial Examples - Version 5.33, by Dr. Herong Yang
"keytool" Generating Maria's CSR
This section provides a tutorial example on how to use 'keytool' to generate a CSR (Certificate Signing Request) containing a public key to ask a CA to sign it.
Maria can now use "keytool" to generate a CSR (Certificate Signing Request) containing her public and ask me as a CA to sign it for her. To do this, she needs to run one "keytool -certreq" command as shown below:
>keytool -certreq -alias maria_key -keypass keypass -keystore maria.jks -storepass jkspass -file maria.csr >type maria.csr -----BEGIN NEW CERTIFICATE REQUEST----- MIICgTCCAj4CAQAwfDELMAkGA1UEBhMCQVQxFDASBgNVBAgTC01hcmlh... ... ah8gcsGwrIvlEJCJBra1HzsK -----END NEW CERTIFICATE REQUEST-----
Notes on what Maria did:
Normally, the distinguished name of the owner of the key pair should be asked when generating a CSR. But "keytool" has already asked and stored the distinguished name when generating the key pair.
Now Maria send her CSR file, maria.csr, to me. I will sign her CSR file into a public key certificate as described in the next section.
Last update: 2013.
Table of Contents