keytool and self signing certificate

Sagar Kar

Joined: Sep 03, 2004
Posts: 25
I found the following information from the Sun site.

Since I am a Java guy I am also posting this query in the Java forum.

When we use the -genkey argument the keytool "generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain".

When we use the -selfcert argument the keytool "generates an X.509 v1 self-signed certificate, using keystore information including the private key and public key associated with alias".

If -genkey generates a self signed certificate what does -selfcert do?
I can't understand what actually happens between -genkey and -selfcert.
What does self-sign mean in both cases?

Warm regards,
Sagar Kar.
SCJP 1.4, SCBCD 1.3
Joe Ess

Joined: Oct 29, 2001
Posts: 9150

-genkey generates a private and public key in addition to creating a cert. -selfcert creates a cert using a specified key.
A self-signed certificate means that the certificate chain does not lead to a Certification Authority (CA) who validates you are who you say you are. A user who encounters a self-signed cert in an applet or web server will be notified that the certificate is questionable.
Have a look at the page you linked, the section marked "Certificate Chains", for more.
