Exporting a Certificate Authenticating Your Public Key example using keytool in Java

By: Lakshmi in Java Tutorials on 2007-10-14

Suppose you have used the jarsigner tool to sign a Java ARchive (JAR) file. Clients that want to use the file will want to authenticate your signature.

One way they can do this is by first importing your public key certificate into their keystore as a "trusted" entry. You can export the certificate and supply it to your clients. As an example, you can copy your certificate to a file named MJ.cer via the following, assuming the entry is aliased by "mykey":

    keytool -exportcert -alias mykey -file MJ.cer

Given that certificate, and the signed JAR file, a client can use the jarsigner tool to authenticate your signature.

Changing Your Distinguished Name but Keeping your Key Pair

Suppose your distinguished name changes, for example because you have changed departments or moved to a different city. If desired, you may still use the public/private key pair you've previously used, and yet update your distinguished name. For example, suppose your name is Tuck Lee, and you created your initial key entry with the alias tLee and the distinguished name

  "cn=Tuck Lee, ou=Finance Department, o=BlueSoft, c=us"

Suppose you change from the Finance Department to the Accounting Department. You can still use the previously-generated public/private key pair and yet update your distinguished name by doing the following.

First, copy (clone) your key entry:

    keytool -keyclone -alias tLee -dest tLeeNew

(This prompts for the store password and for the initial and destination private key passwords, since they aren't provided at the command line.) Now you need to change the certificate chain associated with the copy, so that the first certificate in the chain uses your different distinguished name. Start by generating a self-signed certificate with the appropriate name:

    keytool -selfcert -alias tLeeNew
      -dname "cn=Tuck Lee, ou=Accounting Department, o=BlueSoft, c=us"

Then generate a Certificate Signing Request based on the information in this new certificate:

    keytool -certreq -alias tLeeNew

When you get the CA certificate reply, import it:

    keytool -import -alias tLeeNew -file VStLeeNew.cer

After importing the certificate reply, you may want to remove the initial key entry that used your old distinguished name:

    keytool -delete -alias tLee

Previous
<< Importing the Certificate Reply from the CA example using keytool in Java

Next
Importing Keystore example using keytool in Java >>

Add Comment

Comments

No comments yet. Be the first!

Most Viewed Articles (in Java )

What is Java?

Lexical Issues

isAlive() and join() in Java

XML and Java - Parsing XML using Java Tutorial

HTTPS Java - URL Connection program. Using HttpsURLConnection

How to Send SMS using Java Program (full code sample included)

Integer: byte, short, int, and long data types in Java

Read from a COM port using Java program

Stack example in Java - push(), pop(), empty(), search()

A simple Box class in Java

Open a .docx file and show content in a TextArea using Java

Step by Step guide to setup freetts for Java

Using Blocks of Code

J2EE APIs

Why java is important to the Internet

Latest Articles (in Java)

Read a file having a list of telnet commands and execute them one by one using Java

Open a .docx file and show content in a TextArea using Java

Step by Step guide to setup freetts for Java

Of Object, equals (), == and hashCode ()

Using the AWS SDK for Java in Eclipse

Using the AWS SDK for Java

DateFormat sample program in Java

concurrent.Flow instead of Observable class in Java

Calculator application in Java

Getting Started with Java

How Java is orgranized?

java.lang.reflect package

Sending Email from Java application (using gmail)

Java program to get location meta data from an image

J2EE APIs

Programming Tutorials