Processing certificates

To export a CSR (Certificate Signing request) from keystore in order to sign it

1. Run the keytool utility with the following parameters:

   keytool -certreq -alias alias_for_the_entry -keystore keystore_file_path -storepass keystore_password -file certfilename.crs

EXAMPLE: keytool -certreq -alias em -keystore em.keystore -storepass empass -file EmCert.crs

1. Use a private or commercial trusted CA to sign the certificate.

To import a CA certificate into keystore

Run the keytool utility with the following parameters:

keytool -import -alias alias_for_the_CA_entry -keystore keystore_file_path -storepass keystore_password -file cacert.pem

EXAMPLE: keytool -import -alias systemca -keystore em.keystore -storepass empass -file new_ca.pem

To import a signed certificate into keystore

Run the keytool utility with the following parameters:

keytool -import -alias alias_for_the_key_entry -keystore keystore_file_path -storepass keystore_password -file certfilename.der

The signed certificate must be in X.509 DER (Definite Encoding Rules) format.

EXAMPLE: keytool -import -alias em -keystore em.keystore -storepass empass -file EmCert.der

For more information on certificate expiration, see Certificate expiration.