Export Self-Signed Certificate from the Client's Keystore
Given a client's keystore, we can export a self-signed cerificate.
Required inputs
- client's alias (for example, "myclient")
- key store filename (for example, "keystore_client")
- key store password (for example, "secretPassword")
- name of file to which the self-signed certificate is to be exported (for example, "myclient.cer")
Procedure
- Open a command window
- Ensure that the command window contains the JRE\bin directory in its path
set path=%path%;C:\j2sdk1.4.2_02\bin
- Navigate the command window to a private directory which will contain the server's keystore file
(for example, C:\TomCat\webapps\MyWebApp\private\)
- Export a self-signed certificate from the client's keystore.
- keytool -export -alias <client_alias> -keystore <keystore_filename> -rfc -file <self_signed_certificate>
(for example, keytool -export -alias myclient -keystore keystore_client -rfc -file myclient.cer)
- Enter keystore password: secretPassword <Return>
- Verify creation of the server's self-signed certificate myclient.cer.
- The client's public
certificate can now be imported into a trust store.