Categories:
Android (13)
Apple Mac (27)
DH Keys (39)
DSA Keys (71)
EC Keys (1854)
Firefox (30)
General (10)
Google Chrome (25)
Intermediate CA (152)
Java VM (29)
JDK Keytool (28)
Microsoft CertUtil (29)
Microsoft Edge (9)
Mozilla CertUtil (21)
OpenSSL (236)
Other (7)
Portecle (38)
Publishers (5380)
Revoked Certificates (16)
Root CA (85)
RSA Keys (4393)
Tools (46)
Tutorial (1)
What Is (22)
Windows (127)
Collections:
Other Resources:
Java "keytool -certreq" Command Options
What options are supported by the "keytool -certreq" command?
✍: FYIcenter.com
Java Keytool can be used to generate a certificate signing request file
using the "keytool -certreq" command.
A certificate signing request file contains the owner's public key
for the Certificate Authority (CA) to sign it into a certificate.
The "keytool -certreq" command supports the following options:
C:\Users\fyicenter> keytool -certreq -help keytool -certreq [OPTION]... Generates a certificate request Options: -alias <alias> alias name of the entry to process -sigalg <sigalg> signature algorithm name -file <filename> output file name -keypass <arg> key password -keystore <keystore> keystore name -dname <dname> distinguished name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output -protected password through protected mechanism Use "keytool -help" for all available commands
The "keytool -certreq" command generates a Certificate Signing Request (CSR), using the PKCS#10 format.
A CSR is intended to be sent to a certificate authority (CA). The CA will authenticate the certificate requestor (usually off-line) and will return a certificate or certificate chain, used to replace the existing certificate chain (which initially consists of a self-signed certificate) in the keystore.
The private key associated with alias is used to create the PKCS#10 certificate request. In order to access the private key, the appropriate password must be provided, since private keys are protected in the keystore with a password. If keypass is not provided at the command line, and is different from the password used to protect the integrity of the keystore, the user is prompted for it. If dname is provided, it's used as the subject in the CSR. Otherwise, the X.500 Distinguished Name associated with alias is used.
sigalg specifies the algorithm that should be used to sign the CSR.
The CSR is stored in the file certreq_file. If no file is given, the CSR is output to stdout.
Use the importcert command to import the response from the CA.
⇒ "keytool -certreq" Command Examples - Certificate Signing Request
⇐ Managing Certificate Requests with Java Keytool
2012-07-20, 16911👍, 0💬
Popular Posts:
Certificate Summary: Subject: Yandex Passport Issuer: YandexExternalCA Expiration: 2014-01-17 15:15:...
Certificate summary - Owner: WebSpace-Forum Server CA, "WebSpace-Forum, Thomas Wendt", DE Issuer: UT...
Certificate summary - Owner: www.dmm.co.jp, Terms of use at www.verisign.com/rpa (c)05, NetworkTeam,...
How to see the list of trusted root Certification Authorities (CA) and their certificates used by Go...
Certificate Summary: Subject: Baltimore CyberTrust Code Signing Root Issuer: Baltimore CyberTrust Co...