Storing Personal Certificate with Its Keys

This section provides a tutorial example on how to merge a personal certificate with its private-public key pair in a KeyStore file, which needs to be converted in a PKCS12 file, because most PKI applications can only import PKCS12 files.

Now I need to merge the signed certificate with the corresponding private-public key pair in the KeyStore file.

1. View my personal certificate:

C:\herong>\local\jdk\bin\keytool -printcert 
   -file herong_yang_yahoo_com.pem

Owner: EMAILADDRESS=herong_yang@yahoo.com, CN=CAcert WoT User
Issuer: EMAILADDRESS=support@cacert.org, CN=CA Cert Signing Authority, 
   OU=http://www.cacert.org, O=Root CA
...

Noticed that CAcert.org has change the CN field to "CAcert WoT User" and put my email address into an EMAILADDRESS field.

2. Import the CAcert.org root certificate first:

C:\herong>\local\jdk\bin\keytool -importcert -keystore herong.jks 
   -storepass HerongJKS -alias cacertsigningauthority 
   -file CACertSigningAuthority.crt

3. Import my personal certificate signed by CAcert.org together with its private-public key pair:

C:\herong>\local\jdk\bin\keytool -importcert -keystore herong.jks 
   -storepass HerongJKS -alias herongyang@yahoo.com 
   -file herong_yang_yahoo_com.pem

4. Export my personal certificate with its private-public key pair:

C:\herong>\local\jdk\bin\keytool -importkeystore 
   -srckeystore herong.jks -srcstoretype jks -srcstorepass HerongJKS
   -srcalias herong_yang@yahoo.com -srckeypass HerongJKS 
   -destkeystore personal.p12 -deststoretype pkcs12 
   -deststorepass HerongP12 -destkeypass HerongP12

Now my personal certificate with its private-public key pair is stored in a PKCS12 file, personal.p12, ready to be imported into any PKI client applications.

Last update: 2011.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of HTTPS (Hypertext Transfer Protocol Secure)

 Using HTTPS with IE (Internet Explorer) 10

 Using HTTPS with Chrome 40

 Using HTTPS with Firefox 35

 Perl Scripts Communicating with HTTPS Servers

 PHP Scripts Communicating with HTTPS Servers

 Java Programs Communicating with HTTPS Servers

 Certificate Stores and Certificate Console

 .NET Programs Communicating with HTTPS Servers

 CAcert.org - Root CA Offering Free Certificates

 PKI CA Administration - Issuing Certificates

 Digital Signature - Microsoft Word 2007

Digital Signature - OpenOffice.org 3

 OpenOffice.org 3 - Applying Digital Signatures

 Converting KeyStore Files to PKCS12 Files

 Importing Private-Public Key Pair with Internet Options

 Viewing a Certificate with a Private Key

 Importing CA Certificates into the Trusted Store

 Signing OpenOffice.org 3 Document Failed

 Generating CSR for a Personal Certificate

 Getting Personal Certificate Signed by CAcert.org

Storing Personal Certificate with Its Keys

 Installing Personal Certificate with Internet Options

 Signing OpenOffice.org 3 Document Worked

 S/MIME and Email Security

 PKI (Public Key Infrastructure) Terminology

 Outdated Tutorials

 References

 PDF Printing Version