
keytool and self signing certificate

 
Sagar Kar
I found the following information on the Sun site: http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#genkeyCmd

Since I am a Java guy I am also posting this query in the Java forum.

When we use the -genkey argument the keytool "generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain".

When we use the -selfcert argument the keytool "generates an X.509 v1 self-signed certificate, using keystore information including the private key and public key associated with alias".

If -genkey generates a self-signed certificate, what does -selfcert do?
I can't understand what actually happens between -genkey and -selfcert.
What does self-sign mean in both cases?
 
Joe Ess
-genkey generates a private and public key in addition to creating a cert. -selfcert creates a cert using a specified key.
A self-signed certificate means that the certificate chain does not lead to a Certification Authority (CA) who validates you are who you say you are. A user who encounters a self-signed cert in an applet or web server will be notified that the certificate is questionable.
Have a look on the page you linked, the section marked "Certificate Chains" for more.
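
The difference discussed in this thread, as an added example that is not part of the original posts or of the keytool documentation: it creates an entry with -genkeypair (the current spelling of -genkey), checks that the stored chain is a single certificate signed by its own key, then runs -selfcert and compares the key and certificate before and after. It assumes a JDK whose keytool still accepts the legacy -selfcert command; the alias, password, file name and distinguished names are constructed for the demo.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.*;

public class SelfSignedDemo {
    static final String PASS = "changeit", ALIAS = "demo";   // constructed demo values

    // Run the JDK's keytool: command first, then the shared keystore options.
    static void keytool(Path ks, String... args) throws Exception {
        List<String> cmd = new ArrayList<>();
        cmd.add(Paths.get(System.getProperty("java.home"), "bin", "keytool").toString());
        cmd.addAll(Arrays.asList(args));
        cmd.addAll(Arrays.asList("-alias", ALIAS, "-keystore", ks.toString(),
                "-storetype", "PKCS12", "-storepass", PASS, "-keypass", PASS));
        if (new ProcessBuilder(cmd).inheritIO().start().waitFor() != 0)
            throw new IllegalStateException("keytool failed: " + args[0]);
    }

    // Load the entry's chain and check that its certificate signs itself.
    static X509Certificate loadAndCheck(Path ks) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(ks)) { store.load(in, PASS.toCharArray()); }
        java.security.cert.Certificate[] chain = store.getCertificateChain(ALIAS);
        X509Certificate c = (X509Certificate) chain[0];
        boolean sameName = c.getSubjectX500Principal().equals(c.getIssuerX500Principal());
        c.verify(c.getPublicKey());   // throws unless the signature was made by this key pair
        System.out.printf("chain=%d subject==issuer:%b serial=%s subject=%s%n", chain.length,
                sameName, c.getSerialNumber().toString(16), c.getSubjectX500Principal());
        return c;
    }

    public static void main(String[] unused) throws Exception {
        Path ks = Files.createTempDirectory("ksdemo").resolve("demo.p12");
        // -genkeypair: creates a NEW key pair and wraps the public key in a first certificate.
        keytool(ks, "-genkeypair", "-keyalg", "RSA", "-keysize", "2048",
                "-dname", "CN=First, O=Example");
        X509Certificate first = loadAndCheck(ks);
        // -selfcert: reuses the EXISTING key pair and replaces only the certificate.
        keytool(ks, "-selfcert", "-dname", "CN=Second, O=Example");
        X509Certificate second = loadAndCheck(ks);
        System.out.println("same public key:  " + first.getPublicKey().equals(second.getPublicKey()));
        System.out.println("same certificate: " + first.equals(second));
    }
}
```

The same subject/issuer comparison plus `verify` against the certificate's own public key is a quick way to flag self-signed certificates when auditing a keystore.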
 