CA: how does it work?

 
Ranch Hand
Posts: 66
Hi guys,
Please, I have a problem with the steps I need to follow to understand how SSL works.
What I know is that I have to give the CA my CSR, but to create the CSR I have to use my private key.
Then I will import the certificate I got from the CA into my keystore. Now, is the private key that will be used for encryption the private key I have in my keystore, or will the CA give me a private key in the certificate I got from them? And what about the public key, where will I get it from?


Thanks in advance
 
Rancher
Posts: 43081
Both keys go together; wherever you get one, you get the other. See http://en.wikipedia.org/wiki/Public_key_infrastructure, http://en.wikipedia.org/wiki/Certificate_signing_request and http://en.wikipedia.org/wiki/Key_pair.
 
Ranch Hand
Posts: 220
In addition to Ulf's links, here is how the process should work in general. Please compare these steps against your understanding.

1. Create a new keypair using keytool -genkeypair -alias pickagoodalias <...other options...>
This creates both a private key and an associated public key. At no point will the private key ever leave the keystore. You will need to remember the alias you used.

2. Create a CSR using keytool -certreq -alias pickagoodalias <...other options...>
This creates a CSR. The CSR contains only the public key in addition to identifying information.

3. Give the CSR to a certificate authority (CA).

4. Retrieve the signed X509 certificate from the CA. This contains the same public key you created in step 1 and gave to the CA in step 3.

5. Install the certificate into the same keystore as in step 1, using the same alias you used in step 1, with keytool -importcert -alias pickagoodalias <...other options...>
This step will also double-check that the public key in the certificate you are importing is the same as the one you created in step 1.
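
The five steps above, run end to end as an added example that is not part of the original post: a throwaway local CA created with keytool stands in for the real CA, and every alias, DN, file name and the password are constructed. It goes one step beyond the post by also trying to import a certificate issued for a different key pair, which the check in step 5 should refuse.

```shell
# Added example. Aliases, DNs, file names and the password are constructed;
# "demo-ca" is a throwaway local CA standing in for the real certificate authority.
kt() { keytool "$@" </dev/null >/dev/null 2>&1; }   # run keytool quietly, keep exit status

csr_roundtrip() {
    d=$(mktemp -d) || return 1
    srv="-keystore $d/server.p12 -storetype PKCS12 -storepass changeit"
    ca="-keystore $d/ca.p12 -storetype PKCS12 -storepass changeit"

    # The CA's own key pair and certificate (normally you never see the CA's key).
    kt -genkeypair -alias demo-ca -keyalg RSA -keysize 2048 -validity 30 \
       -dname "CN=Demo Test CA" -ext bc:c $ca || return 1
    kt -exportcert -alias demo-ca -rfc -file "$d/ca.pem" $ca || return 1

    # Step 1: key pairs. "other" exists only to provoke the mismatch in step 5.
    for a in server other; do
        kt -genkeypair -alias "$a" -keyalg RSA -keysize 2048 -validity 30 \
           -dname "CN=$a.example.test" $srv || return 1
        # Step 2: the CSR carries the public key and the DN, never the private key.
        kt -certreq -alias "$a" -file "$d/$a.csr" $srv || return 1
        # Steps 3-4: the CA signs the CSR and hands back an X.509 certificate.
        kt -gencert -alias demo-ca -infile "$d/$a.csr" -outfile "$d/$a.pem" \
           -rfc -validity 30 $ca || return 1
    done

    # Step 5: trust the CA certificate, then install the reply under the same alias.
    kt -importcert -alias demo-ca -file "$d/ca.pem" -noprompt $srv || return 1

    # A certificate issued for a different key pair must be rejected.
    if kt -importcert -alias server -file "$d/other.pem" $srv; then
        mismatch=accepted
    else
        mismatch=rejected
    fi
    kt -importcert -alias server -file "$d/server.pem" $srv || return 1

    # The alias is still a private-key entry; its chain is now server cert + CA cert.
    entry=$(keytool -list -alias server $srv 2>/dev/null | grep -c PrivateKeyEntry)
    chain=$(keytool -list -rfc -alias server $srv 2>/dev/null | grep -c 'BEGIN CERTIFICATE')
    rm -rf "$d"
    echo "mismatch=$mismatch private_key_entries=$entry chain_length=$chain"
}
```

The private key is generated in `server.p12` and is never written to the CSR or to the certificate that comes back; only the certificate chain attached to the alias changes.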
 