Export Self-Signed Certificate from the Server's Keystore
Given a server keystore, we can export a self-signed cerificate.
Required inputs
- server alias (for example, "myserver")
- key store filename (for example, "keystore_server")
- key store password (for example, "secretPassword")
- name of file to which the self-signed certificate is to be exported (for example, "myserver.cer")
Procedure
- Open a command window
- Ensure that the command window contains the JRE\bin directory in its path
set path=%path%;C:\j2sdk1.4.2_02\bin
- Navigate the command window to a private directory which will contain the server's keystore file
(for example, C:\TomCat\webapps\MyWebApp\private\)
- Export a self-signed certificate from the server's keystore.
- keytool -export -alias <server_alias> -keystore <keystore_filename> -rfc -file <self_signed_certificate>
(for example, keytool -export -alias myserver -keystore keystore_server -rfc -file myserver.cer)
- Enter keystore password: secretPassword <Return>
- Verify creation of the server's self-signed certificate myserver.cer.
- The server's public
certificate can now be imported into a trust store.