Re: Keytool

Jan Luehe (luehe@laguna.eng.sun.com)
Mon, 30 Nov 1998 10:53:32 -0800 (PST)

Aridaman:

> I am a programmer from India. I am have a couple of questions regarding the
> keytool.
> 1. How do I get a certificate signed by the CA? The documentation describes
> generating the CSR file. However nothing is saic about what to do with it.

You submit the CSR to the target CA from which you request a certificate.

For example, in order to request a certificate from Verisign, you submit
your CSR to this URL:

https://digitalid.verisign.com/TestGetCSR.html

Or in order to request a certificate from the Thawte CA, you submit your
CSR to:

https://www.thawte.com/cgi/server/test.exe

These are just 2 examples.

You then import the reply from the CA into your keystore,
using the "-import" option.

> 2. How can I add new certificates to the list of trusted CA's in 'cacerts' ?

You manage the "cacerts" keystore in the same fashion as any other keystore,
i.e., in order to add new certs to it, you use the "-import" option.

> These questions are of prime importance for a project we are working on
> so a prompt reply will be greatly appreciated.
> Thank you

Jan