3.4.1.1 Import Intermediate CA Certificate
You need to import the intermediate CA certificate into the identity keystore. Most Certificate Authorities do not use the root CA certificates to issue identity certificates for use by customers. Instead, Intermediate CAs issue identity certificates in response to the submitted CSRs.
Execute the following command to import the intermediate CA certificate into the keystore:
keytool -importcert -alias alias -file cert_file
-trustcacerts -keystore keystore
In the above command,
Table 3-5 Description of Placeholders
Placeholder | Description |
---|---|
|
|
|
|
|
|
Note:
The trustcacerts flag is used to consider other certificates (higher intermediaries and the root CA) in the chain of trust. If no chain of trust is established during verification, the certificate will be displayed and one would be prompted to verify it. It is recommended that due diligence be observed when the prompt is displayed to verify a certificate when a chain of trust is absent.A sample execution of the command is listed below:
D:\Oracle\weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool - importcert
-alias verisigntrialintermediateca -file
D:\keystores\VerisignIntermediateCA.cer -trustcacerts -keystore
D:\keystoreworkarea\AdminOBREMOKeyStore.jks
Enter keystore password:<Enter the password used to access the
keystore>
Certificate was added to keystore
Parent topic: About Obtaining and Importing Trusted Certificate