Export Self-Signed Certificate from the Server's Keystore

Given a server keystore, we can export a self-signed cerificate.

Required inputs

• server alias (for example, "myserver")
• key store filename (for example, "keystore_server")
• key store password (for example, "secretPassword")
• name of file to which the self-signed certificate is to be exported (for example, "myserver.cer")

Procedure

1. Open a command window
2. Ensure that the command window contains the JRE\bin directory in its path
   set path=%path%;C:\j2sdk1.4.2_02\bin
3. Navigate the command window to a private directory which will contain the server's keystore file (for example, C:\TomCat\webapps\MyWebApp\private\)
4. Export a self-signed certificate from the server's keystore.
   1. keytool -export -alias <server_alias> -keystore <keystore_filename> -rfc -file <self_signed_certificate>
      (for example, keytool -export -alias myserver -keystore keystore_server -rfc -file myserver.cer)
   2. Enter keystore password: secretPassword <Return>
5. Verify creation of the server's self-signed certificate myserver.cer.
6. The server's public certificate can now be imported into a trust store.