Export Self-Signed Certificate from the Client's Keystore

Given a client's keystore, we can export a self-signed cerificate.

Required inputs

Procedure

  1. Open a command window
  2. Ensure that the command window contains the JRE\bin directory in its path
    set path=%path%;C:\j2sdk1.4.2_02\bin
  3. Navigate the command window to a private directory which will contain the server's keystore file (for example, C:\TomCat\webapps\MyWebApp\private\)
  4. Export a self-signed certificate from the client's keystore.
    1. keytool -export -alias <client_alias> -keystore <keystore_filename> -rfc -file <self_signed_certificate>
      (for example, keytool -export -alias myclient -keystore keystore_client -rfc -file myclient.cer)
    2. Enter keystore password: secretPassword <Return>
  5. Verify creation of the server's self-signed certificate myclient.cer.
  6. The client's public certificate can now be imported into a trust store.