Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Generate keystore with name ssl, write to cert.jks
- keytool -genkey -dname "CN=my.host.bla, OU=[...], O=[...], L=[...], S=BY, C=DE" -alias ssl -keyalg RSA -keysize 2048 -keystore cert.jks
- # gen CSR into my.host.bla.csr
- keytool -certreq -keyalg RSA -alias ssl -file my.host.bla.csr -keystore cert.jks -ext san=DNS:my.host.bla
- # submit CSR to CA (this is a windows-specifc part!!)
- certreq -submit -attrib "certificatetemplate:ssl201610" my.host.bla.csr
- # Import Issuers
- # Root-CA: (already downloaded)
- keytool -import -alias root-pki -keystore cert.jks -trustcacerts -file "blaRootCA.cer"
- # Intermedi / Issuer-CA: (already downloaded)
- keytool -import -alias issuing-pki -keystore cert.jks -trustcacerts -file "blaIssuingCA.cer"
- # Import keys
- keytool -import -alias ssl -keystore cert.jks -file my.host.bla.cer
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement