0

We need to create an HTTP service that can create and return a certificate signed by a trusted parent certificate. Our initial plan was to use keytool in the bin directory of our JDK in a servlet using Runtime.exec, but it seems the keytool commands require answers to prompts on the command line.

For example: keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048 asks a number of questions on the command line.

Our next idea was to use java.security.KeyStore, but I don't see a way to export and persist the store. We will want to keep all our certificates in a jks file. If the web container goes down, we definitely need to be able to keep all the PKI artifacts.

2
  • Have you tried the Java 7 keytool? I think you can put everything on the command line and avoid the prompting. Commented Jul 3, 2012 at 2:28
  • By the way, can't you just copy the store? Commented Jul 11, 2012 at 19:14

2 Answers

1

Since this was one of the top results in Google and I did eventually figure it out, here's the answer.

$ java -version
java version "1.7.0_11"
$ keytool -genkey -keysize 2048 \
  -alias tomcat \
  -keyalg RSA \
  -dname "CN=example.com,OU=MyOrgUnit,O=MyOrg,L=Somewhere,S=State,C=US" \
  -storepass Secret -keypass Secret \
  -keystore keystore.jks

Hope this helps others.
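
The full non-interactive flow the question asks for (key pair, CSR, signing by the parent, import into the persisted keystore file), as an added example that is not part of the original answer. It passes the password through an environment variable using keytool's `:env` modifier so it does not appear in the process list, and builds the command as an argument list so request input never reaches a shell. The class name, the `ca` alias, the `KS_PASS` variable, and the hostname allow-list are assumptions made for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;
import java.util.regex.Pattern;
public class KeytoolIssuer {
    // Assumption: only plain hostnames are issued, so request input can never add DN attributes.
    static final Pattern HOSTNAME = Pattern.compile("[A-Za-z0-9]([A-Za-z0-9.-]{0,61}[A-Za-z0-9])?");

    // Runs keytool without a shell; the password travels in the child's environment, not in argv.
    static void keytool(Path ks, char[] pass, String... args) throws IOException, InterruptedException {
        List<String> cmd = new ArrayList<>();
        cmd.add(Paths.get(System.getProperty("java.home"), "bin", "keytool").toString());
        cmd.addAll(Arrays.asList(args));
        cmd.addAll(Arrays.asList("-keystore", ks.toString(),
                "-storepass:env", "KS_PASS", "-keypass:env", "KS_PASS"));
        ProcessBuilder pb = new ProcessBuilder(cmd).inheritIO();
        pb.environment().put("KS_PASS", new String(pass));
        if (pb.start().waitFor() != 0) throw new IOException("keytool " + args[0] + " failed");
    }

    // Issues a certificate for host signed by alias "ca"; synchronized because every call rewrites ks.
    static synchronized X509Certificate issue(Path ks, char[] pass, String host) throws Exception {
        if (!HOSTNAME.matcher(host).matches()) throw new IllegalArgumentException("invalid hostname");
        Path csr = Files.createTempFile("req", ".csr"), crt = Files.createTempFile("cert", ".pem");
        try {
            keytool(ks, pass, "-genkeypair", "-alias", host, "-keyalg", "RSA", "-keysize", "2048",
                    "-dname", "CN=" + host);
            keytool(ks, pass, "-certreq", "-alias", host, "-file", csr.toString());
            keytool(ks, pass, "-gencert", "-alias", "ca", "-rfc", "-validity", "365",
                    "-infile", csr.toString(), "-outfile", crt.toString());
            keytool(ks, pass, "-importcert", "-noprompt", "-alias", host, "-file", crt.toString());
            try (InputStream in = Files.newInputStream(crt)) {
                return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        } finally {
            Files.deleteIfExists(csr); Files.deleteIfExists(crt);
        }
    }

    public static void main(String[] argv) throws Exception {
        Path ks = Paths.get("keystore.jks");
        char[] pass = System.getenv("KS_PASS").toCharArray(); // supplied by the deployment, never hard-coded
        if (!Files.exists(ks)) // constructed demo CA; a real service would load its existing parent
            keytool(ks, pass, "-genkeypair", "-alias", "ca", "-keyalg", "RSA", "-keysize", "2048",
                    "-dname", "CN=Demo CA", "-ext", "bc:c");
        System.out.println(issue(ks, pass, "example.com").getSubjectX500Principal());
    }
}
```

keytool rejects store passwords shorter than six characters, and a second request for the same hostname fails because the alias already exists in the keystore.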


0

Try Portecle. If the GUI can't do it, then simply extract the information from the source.

