Java Security

Certificates from CAs and the keystore

843811 Dec 19 2007 — edited Jan 9 2008
Hello all,

I have tracked through a series of forum topics that seem to ask similar questions and receive similar answers regarding both signing jars and using the certificates for communications.

Forgive the overlap, but I have a slightly related question.

Is the only way to use the keystore (and keytool to manage the keystore) when signing jars by generating a key pair at the start? Is that why all the examples always start with that option, and none of them start from a scenario that is different?

Is it possible to come in with an existing CA-signed certificate and the CA's root certificate, and sign the jars? Would that setup work for communication at all?

I have tried this for signing, and both certificates end up as trustedCertEntries within the keystore, but this does not allow the signing of jars since there is no keyEntry. The error message is:

"jarsigner: Certificate chain not found for: and. and must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."

I have not tried it for communication.

Is there some other alternative to generating the key pair directly in the keystore, exporting the CSR, and getting the CA to sign and reply to that CSR?

My question stems from a customer wanting to only provide the certificate they want to use, and maybe the CA root cert if necessary.

Thanks much in advance!

Edited by: gennadius on Dec 19, 2007 3:52 PM
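
An added example, not part of the original post: the jarsigner error quoted above arises because a trustedCertEntry holds only a public certificate, while signing needs a key entry (a private key plus its certificate chain). The Java program below lists every alias in a keystore and reports which kind of entry it is; the class name `KeystoreEntryCheck` and its two command-line arguments are assumptions chosen for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: reports which keystore aliases jarsigner could sign with.
// Usage (arguments are placeholders): java KeystoreEntryCheck <keystore-file> <store-password>
public class KeystoreEntryCheck {

    // Describe one alias: a key entry holds a key (for signing, a private key
    // with its certificate chain); a trusted certificate entry holds a public
    // certificate only.
    static String describe(KeyStore ks, String alias) throws Exception {
        if (ks.isKeyEntry(alias)) {
            // getCertificateChain returns null when the entry has no chain
            // (for example a secret-key entry).
            Certificate[] chain = ks.getCertificateChain(alias);
            int len = (chain == null) ? 0 : chain.length;
            return alias + ": key entry, chain length " + len
                    + (len > 0 ? " -> usable for signing" : " -> no certificate chain");
        }
        if (ks.isCertificateEntry(alias)) {
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName()
                    : c.getType();
            return alias + ": trustedCertEntry (" + subject
                    + "), no private key -> cannot sign";
        }
        return alias + ": unknown entry type";
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreEntryCheck <keystore-file> <store-password>");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias));
        }
    }
}
```

A keystore built by importing only the customer's certificate and the CA root would show two trustedCertEntry lines and no key entry.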
Post Details
Locked on Feb 6 2008
Added on Dec 19 2007