How to Obtain a Signature for an SSL Certificate
If you want to use a Certificate signed by a Certifying Authority, follow this procedure to submit the Certificate to the Certifying Authority to be signed.
Steps
-
Generate the Certificate Request.
% keytool -certreq -v -alias tomcat -keyalg RSA -keystore /keystore-location
/keystore-location is the location and filename where you stored the generated key.
-
Send the Certificate Request to the Certifying Authority.
Follow the instructions provided by the Certifying Authority. The Certifying Authority returns a Certificate Reply.
-
Save the Certificate Reply to a file.
-
Verify the Certificate Reply.
% keytool -printcert -file certificate-reply-file
certificate-reply-file is the filename of the Certificate Reply that you received from the Certifying Authority.
-
Import the Certificate Reply file to the keystore file.
% keytool -v -import -trustcacerts -keystore /keystore-location -file certificate-reply-file -alias tomcat
/keystore-location is the location and filename where you stored the generated key. certificate-reply-file is the filename of the Certificate Reply that you received from the Certifying Authority.
-
Verify the imported Certificate Reply.
% keytool -v -list -keystore /keystore-location
/keystore-location is the location and filename where you stored the generated key.
- © 2010, Oracle Corporation and/or its affiliates