After creating a digital certificate, the owner must sign it to prevent forgery. E-commerce sites, or those for which authentication of identity is important can purchase a certificate from a well-known Certificate Authority (CA). If authentication is not a concern, for example if private secure communications is all that is required, save the time and expense involved in obtaining a CA certificate and use a self-signed certificate.
To use a digital certificate signed by a CA:
Save the certificate in the directory containing the server keystore and trust-store files, by default install_dir/domains/
domain-dir/config
directory. See "Changing the Location of Certificate Files" for instructions on changing this location.
keytool
to import the certificate into the local keystore and, if necessary, the local trust-store.
keytool -import -v -trustcacerts
-alias keyAlias
-file server.cer
-keystore cacerts.jks
-keypass changeit
-storepass changeit
If the keystore or private key password is not the default password, then substitute the new password for changeit
in the above command.
For complete information about using keytool
, see the keytool
documentation at:
http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html
See also: