"keytool" Generating Maria's CSR

Cryptography Tutorials - Herong's Tutorial Examples

∟"OpenSSL" Signing CSR Generated by "keytool"

∟"keytool" Generating Maria's CSR

This section provides a tutorial example on how to use 'keytool' to generate a CSR (Certificate Signing Request) containing a public key to ask a CA to sign it.

Maria can now use "keytool" to generate a CSR (Certificate Signing Request) containing her public and ask me as a CA to sign it for her. To do this, she needs to run one "keytool -certreq" command as shown below:

herong> keytool -certreq -alias maria_key -keypass keypass 
   -keystore maria.jks -storepass jkspass -file maria.csr

herong> more maria.csr
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICgTCCAj4CAQAwfDELMAkGA1UEBhMCQVQxFDASBgNVBAgTC01hcmlh...
...
ah8gcsGwrIvlEJCJBra1HzsK
-----END NEW CERTIFICATE REQUEST-----

Notes on what Maria did:

"keytool -certreq" command is used to generated a CSR (Certificate Sign Request) based on the given key pair.
"-alias maria_key" option specifies the entry in the keystore file where to get the key pair.
"-keystore maria.jks" option specifies the keystore file.
"-file maria.csr" option specifies the file name where the CSR will be stored.
"type maria.csr" command shows the content of "maria.csr"

Normally, the distinguished name of the owner of the key pair should be asked when generating a CSR. But "keytool" has already asked and stored the distinguished name when generating the key pair.

Now Maria send her CSR file, maria.csr, to me. I will sign her CSR file into a public key certificate as described in the next section.

Table of Contents

About This Book

Cryptography Terminology

Cryptography Basic Concepts

Introduction to AES (Advanced Encryption Standard)

Introduction to DES Algorithm

DES Algorithm - Illustrated with Java Programs

DES Algorithm Java Implementation

DES Algorithm - Java Implementation in JDK JCE

DES Encryption Operation Modes

DES in Stream Cipher Modes

PHP Implementation of DES - mcrypt

Blowfish - 8-Byte Block Cipher

Secret Key Generation and Management

Cipher - Secret Key Encryption and Decryption

Introduction of RSA Algorithm

RSA Implementation using java.math.BigInteger Class

Introduction of DSA (Digital Signature Algorithm)

Java Default Implementation of DSA

Private key and Public Key Pair Generation

PKCS#8/X.509 Private/Public Encoding Standards

Cipher - Public Key Encryption and Decryption

MD5 Mesasge Digest Algorithm

SHA1 Mesasge Digest Algorithm

OpenSSL Introduction and Installation

OpenSSL Generating and Managing RSA Keys

OpenSSL Managing Certificates

OpenSSL Generating and Signing CSR

OpenSSL Validating Certificate Path

"keytool" and "keystore" from JDK

►"OpenSSL" Signing CSR Generated by "keytool"

"OpenSSL" Acting as a CA (Certificate Authority)

"OpenSSL" Generating CA's Private Key

"OpenSSL" Self-Signing CA's Public Key

"keytool" Generating Maria's Private Key

►"keytool" Generating Maria's CSR

"OpenSSL" Signing Maria's CSR

"OpenSSL" Managing Serial Numbers when Signing CSR

"keytool" Importing CA's Own Certificate

""keytool" Importing Maria's Certificate Signed by CA

Migrating Keys from "keystore" to "OpenSSL" Key Files

Certificate X.509 Standard and DER/PEM Formats

Migrating Keys from "OpenSSL" Key Files to "keystore"

Using Certificates in IE

Using Certificates in Google Chrome

Using Certificates in Firefox

Archived Tutorials

Full Version in PDF/EPUB