Categories:
DH Keys (39)
DSA Keys (69)
EC Keys (339)
Firefox (32)
General (13)
Google Chrome (25)
Intermediate CA (152)
Java VM (20)
JDK Keytool (25)
Microsoft CertUtil (26)
Mozilla CertUtil (18)
OpenSSL (237)
Other (17)
Portecle (38)
Publishers (1969)
Revoked Certificates (30)
Root CA (87)
RSA Keys (1834)
Tools (47)
Tutorial (7)
What Is (21)
Windows (129)
Collections:
Other Resources:
Java "keytool -gencert" Command Options
What options are supported by the "keytool -gencert" command?
✍: FYIcenter.com
Java Keytool can be used to sign a CSR (Certificate Signing Request) file using the "keytool -gencert" command, which supports the following options:
C:Usersfyicenter>"Program Filesjavajre7inkeytool" -gencert -help keytool -gencert [OPTION]... Generates certificate from a certificate request Options: -rfc output in RFC style -infile <filename> input file name -outfile <filename> output file name -alias <alias> alias name of the entry to process -sigalg <sigalg> signature algorithm name -dname <dname> distinguished name -startdate <startdate> certificate validity start date/time -ext <value> X.509 extension -validity <valDays> validity number of days -keypass <arg> key password -keystore <keystore> keystore name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output -protected password through protected mechanism Use "keytool -help" for all available commands
The "keytool -gencert" command generates a certificate as a response to a certificate request file (which can be created by the keytool -certreq command). The command reads the request from infile (if omitted, from the standard input), signs it using alias's private key, and output the X.509 certificate into outfile (if omitted, to the standard output). If -rfc is specified, output format is BASE64-encoded PEM; otherwise, a binary DER is created.
sigalg specifies the algorithm that should be used to sign the certificate. startdate is the start time/date that the certificate is valid. valDays tells the number of days for which the certificate should be considered valid.
If dname is provided, it's used as the subject of the generated certificate. Otherwise, the one from the certificate request is used.
ext shows what X.509 extensions will be embedded in the certificate.
Java Keytool can be used to sign a CSR (Certificate Signing Request) file using the "keytool -gencert" command, which supports the following options:
C:\Users\fyicenter>"\Program Files\java\jre7\bin\keytool" -gencert -help keytool -gencert [OPTION]... Generates certificate from a certificate request Options: -rfc output in RFC style -infile <filename> input file name -outfile <filename> output file name -alias <alias> alias name of the entry to process -sigalg <sigalg> signature algorithm name -dname <dname> distinguished name -startdate <startdate> certificate validity start date/time -ext <value> X.509 extension -validity <valDays> validity number of days -keypass <arg> key password -keystore <keystore> keystore name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output -protected password through protected mechanism Use "keytool -help" for all available commands
The "keytool -gencert" command generates a certificate as a response to a certificate request file (which can be created by the keytool -certreq command). The command reads the request from infile (if omitted, from the standard input), signs it using alias's private key, and output the X.509 certificate into outfile (if omitted, to the standard output). If -rfc is specified, output format is BASE64-encoded PEM; otherwise, a binary DER is created.
sigalg specifies the algorithm that should be used to sign the certificate. startdate is the start time/date that the certificate is valid. valDays tells the number of days for which the certificate should be considered valid.
If dname is provided, it's used as the subject of the generated certificate. Otherwise, the one from the certificate request is used.
ext shows what X.509 extensions will be embedded in the certificate.
2012-07-21, 10505👍, 0💬
Popular Posts:
Why I am getting the "./demoCA/newcerts: No such file or directory" error when running OpenSSL "ca" ...
Certificate summary - Owner: Thawte DV SSL CA, Domain Validated SSL, "Thawte, Inc.", US Issuer: thaw...
What options are supported by the "keytool -certreq" command? Java Keytool can be used to generate a...
How to see the signing chain of a server certificate in IE? I want to know the root CA who signs the...
Certificate Summary: Subject: http://www.valicert.com/ Issuer: http://www.valicert.com/ Expiration: ...