Create Java KeyStore
This section uses Java keytool commands to generate a new key pair on the , create a Certificate Signing Request (CSR), issue a certificate through an internal or external CA, and import the signed certificate and its accompanying CA certificate into a Java KeyStore.
Perform the following tasks to ensure that you can use jarsigner and the signed certificate to sign a JAR file in the next section:
- Generate a server key pair and self-signed certificate.
- Generate and export a CSR.
- Import a CA root certificate.
- Import the server certificate signed by the CA.
Because the JDK 8 installation includes keytool, you can run the commands without additional configuration.
Execute the following command:
-alias sets a name to identify the key pair and certificate to be generated. It can be any name (for example, JarSignerDemo).
When prompted, enter the following information for the server certificate you want to generate and enter a new KeyStore password, which all subsequent keytool and jarsigner commands use:
To generate and export a CSR, run the following command:
Enter the KeyStore password.
Send the CSR to a third-party or internal CA to get it signed.
The CA returns the server certificate and CA certificate for you to import.
To import the CA root certificate, run the following command:
Enter the KeyStore password.
When prompted to trust the certificate, enter Yes as shown in the following example:
To import the signed server certificate, run the following command:
Enter the KeyStore password.
If the command was successful, you should see an output similar to the following: