Creating Testing Certificate and asociated Keystore

Hi... I wrote a program that signs a document using a .cer file (X509Certificate) and a .pfx or .jks Keystore (JKS or PKCS12 keystore). I need both files in order to sign a document.

When I validate... it tells me that my signature is ok (correct hash value), but my certificate has expired (It was a test certificate that is not longer valid).

Question: how can I create a testing X.509 Certificate and the corresponding KeyStore (JKS or PKCS12)?

I've tried with makecert.exe (from Microsoft) and I've got my .cer file... but I haven't been able to get the KeyStore.

I know how to make a keystore (using keytool), but I don't know how to relate my certificate and keystore (I've only been able to make them separatelly).

I hope some of you guys can help me with this... Thanks anyway!

Juan Ignacio.

[847 byte] By [Juarisa] at [2007-10-1 11:50:41]

«« Applet throwing OutOfMemory Error
»» ConcurrentModificationException with 1.5 for loop?

# 1

Hey,

Forget makecert.exe.

Keytool is all you need:

(1) use -genkey to create a key optionally specifying which algorithm you want

(2) use -selfcert to associate a certificate to the key; you can specify the validity in days i.e. 3650 would be 10 years

(3) -export to create a .cer file for the certificate

Now proceed to use jarsigner to sign your jars. For the record, you do not sign anything with a certificate - it is the means of verification; the key in your keystore does the signing.

Regards,

Darren

bishopd81a at 2007-7-10 13:35:25 >

Security

Other Security APIs, Tools, and Issues

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Creating Testing Certificate and asociated Keystore

Security New Topic

Security Hot Topic

Security

All Classified