This post is divided into three sections.
a. Generate a self-signed certificate
b. Import the certificate to keystore
c. Export the public and private keys from the keystore
Generate a self-signed certificate
Go to this post, and create a .der file
Import the certificate to keystore
Open terminal and execute below command.
keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der
$keytool -import -alias java-blogspot -keystore myKeystore.jks -file myDomain.der
Enter keystore password:
Re-enter new password:
Owner: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Issuer: EMAILADDRESS=demo@demo.com, CN=sample-app.com, OU=hr, O=abcCorp, L=Bangalore, ST=Karnataka, C=IN
Serial number: fef9fa87f9f94435
Valid from: Wed Feb 08 10:26:36 IST 2023 until: Thu Feb 08 10:26:36 IST 2024
Certificate fingerprints:
SHA1: 7C:86:63:8B:3B:92:5B:EA:57:DC:B8:F0:FE:40:57:D7:EF:32:13:D6
SHA256: E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 2048-bit RSA key
Version: 1
Warning:
The input uses the SHA1withRSA signature algorithm which is considered a security risk. This algorithm will be disabled in a future update.
Trust this certificate? [no]: y
Certificate was added to keystore
Print the entries in keystore.
keytool -list -keystore myKeystore.jks Enter keystore password: Keystore type: PKCS12 Keystore provider: SUN Your keystore contains 1 entry java-blogspot, 8 Feb 2023, trustedCertEntry, Certificate fingerprint (SHA-256): E1:C6:0A:BD:34:83:C8:86:3E:65:A4:01:F0:CB:EB:C7:73:EB:F6:19:77:EE:CE:EF:62:44:63:37:73:64:2E:37
Export public key for the alias java-blogspot
keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert
$keytool -export -alias java-blogspot -keystore myKeystore.jks -rfc -file public.cert
Enter keystore password:
Certificate stored in file <public.cert>
$
$
$cat public.cert
-----BEGIN CERTIFICATE-----
MIIDlDCCAnwCCQD++fqH+flENTANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMC
SU4xEjAQBgNVBAgMCUthcm5hdGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRAwDgYD
VQQKDAdhYmNDb3JwMQswCQYDVQQLDAJocjEXMBUGA1UEAwwOc2FtcGxlLWFwcC5j
b20xHDAaBgkqhkiG9w0BCQEWDWRlbW9AZGVtby5jb20wHhcNMjMwMjA4MDQ1NjM2
WhcNMjQwMjA4MDQ1NjM2WjCBizELMAkGA1UEBhMCSU4xEjAQBgNVBAgMCUthcm5h
dGFrYTESMBAGA1UEBwwJQmFuZ2Fsb3JlMRAwDgYDVQQKDAdhYmNDb3JwMQswCQYD
VQQLDAJocjEXMBUGA1UEAwwOc2FtcGxlLWFwcC5jb20xHDAaBgkqhkiG9w0BCQEW
DWRlbW9AZGVtby5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+
DD14AR8oC1z8Jj2EUt7NNTTHVay8V84AeQxjqf5SULDNo428T8h3NaQNwOfpvVlP
zPbln5yit/SCSc5ZHXb2ijdedxcDeBgQn9jjXtoGZAzzjj0s36gMVw8hWJRLnNus
C0vfp7URCc4qvGWD3erktm4hh8IXDgggpOrHNXAdG1NtfUsq7u4Ys6ZUfVWJ0Qd4
PPKZDpGwpfFm07m5PxEJ7DaIMXwJaztdV/ub+DY+R5qzYltMSfNoGcjdL+zWouCh
65rNJC+iYZuh9cp/rb+N16Ln+H8mdt5Z9H/sX/00IftvCtGNyxCK42t+iF0DKiFT
4txB84NA/HvkNtRCtJptAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAA7zpvhg6gxm
ieEFwqOSpdoUtj1b/UrmOq7Viol/PFZrSH4EWQHmIOZGTl+QQfwviZBjgJCzizRK
G+4CQBvpKTZOA1C6hYdxkhkVfdZ2fAAJahz+FuexzQR7FOxPf75Rixiosc87/m91
OVpu/KsJtUiS44cEwGfgz7LUsh6vUYHQnIIGCu2l0byuUBU64KnX1vpuDKwmQ2II
nzbANQ0CFINctgczk63FaadyPbUzUeuxy3fqxMgeIB92QqW536yGRVAOGqZ0aRgL
ouYm43egLnQMnQacHNXxVwfc/lQfoGRx1t9t46+Hu4KaINqnPYgo/my5XOAJZ+98
d+FHjYT0bYE=
-----END CERTIFICATE-----
Note
Just to note, only public key is embedded in the SSL certificate and Private key is stored on the server and kept secret.
No comments:
Post a Comment