Export Self-Signed Certificate from the Client's Keystore

Given a client's keystore, we can export a self-signed cerificate.

Required inputs

• client's alias (for example, "myclient")
• key store filename (for example, "keystore_client")
• key store password (for example, "secretPassword")
• name of file to which the self-signed certificate is to be exported (for example, "myclient.cer")

Procedure

1. Open a command window
2. Ensure that the command window contains the JRE\bin directory in its path
   set path=%path%;C:\j2sdk1.4.2_02\bin
3. Navigate the command window to a private directory which will contain the server's keystore file (for example, C:\TomCat\webapps\MyWebApp\private\)
4. Export a self-signed certificate from the client's keystore.
   1. keytool -export -alias <client_alias> -keystore <keystore_filename> -rfc -file <self_signed_certificate>
      (for example, keytool -export -alias myclient -keystore keystore_client -rfc -file myclient.cer)
   2. Enter keystore password: secretPassword <Return>
5. Verify creation of the server's self-signed certificate myclient.cer.
6. The client's public certificate can now be imported into a trust store.