PKI Tutorials - Herong's Tutorial Examples - v2.32, by Herong Yang
Storing Personal Certificate with Its Keys
This section provides a tutorial example on how to merge a personal certificate with its private-public key pair in a KeyStore file, which needs to be converted in a PKCS12 file, because most PKI applications can only import PKCS12 files.
Now I need to merge the signed certificate with the corresponding private-public key pair in the KeyStore file.
1. View my personal certificate:
herong> keytool -printcert \ -file herong_yang_yahoo_com.pem Owner: EMAILADDRESS=herong_yang@yahoo.com, CN=CAcert WoT User Issuer: EMAILADDRESS=support@cacert.org, CN=CA Cert Signing Authority, OU=http://www.cacert.org, O=Root CA ...
Noticed that CAcert.org has change the CN field to "CAcert WoT User" and put my email address into an EMAILADDRESS field.
2. Import the CAcert.org root certificate first:
herong> keytool -importcert -keystore herong.jks \ -storepass HerongJKS -alias cacertsigningauthority \ -file CACertSigningAuthority.crt
3. Import my personal certificate signed by CAcert.org together with its private-public key pair:
herong> keytool -importcert -keystore herong.jks \ -storepass HerongJKS -alias herongyang@yahoo.com \ -file herong_yang_yahoo_com.pem
4. Export my personal certificate with its private-public key pair:
herong> keytool -importkeystore \ -srckeystore herong.jks -srcstoretype jks -srcstorepass HerongJKS \ -srcalias herong_yang@yahoo.com -srckeypass HerongJKS \ -destkeystore personal.p12 -deststoretype pkcs12 \ -deststorepass HerongP12 -destkeypass HerongP12
Now my personal certificate with its private-public key pair is stored in a PKCS12 file, personal.p12, ready to be imported into any PKI client applications.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Android and Server Certificate
Windows Certificate Stores and Console
RDP (Remote Desktop Protocol) and Server Certificate
macOS Certificate Stores and Keychain Access
Perl Scripts Communicating with HTTPS Servers
PHP Scripts Communicating with HTTPS Servers
Java Programs Communicating with HTTPS Servers
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
PKI CA Administration - Issuing Certificates
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
►Digital Signature - OpenOffice.org 3
OpenOffice.org 3 - Applying Digital Signatures
Converting KeyStore Files to PKCS12 Files
Importing Private-Public Key Pair with Internet Options
Viewing a Certificate with a Private Key
Importing CA Certificates into the Trusted Store
Signing OpenOffice.org 3 Document Failed
Generating CSR for a Personal Certificate
Getting Personal Certificate Signed by CAcert.org
►Storing Personal Certificate with Its Keys
Installing Personal Certificate with Internet Options
Signing OpenOffice.org 3 Document Worked