The purpose of this tool is to facilitate the creation and editing of Java keystores.
There are two main kinds of keystore in Java: KeyStores and TrustStores. Although the format of these files is the same and they can theoretically be used interchangeably, the purpose of each differs. A KeyStore holds information that identifies the user, e.g. this is the place where we hold an SSL certificate that protects a web server. A TrustStore holds information that helps the user identify a 3rd party, e.g. this is the place where a browser would hold root certificates that certify the validity of signed certificates presented by a web server.
The Certificate Tool can be used to perform the following functions for a KeyStore:
- Create a new KeyStore containing a new self-signed Key-Certificate Pair
- Export a Certificate Signing Request from a Keystore
- Import a Signed Certificate back to the Keystore
The Certificate Tool can be used to perform the following function for a TrustStore:
- Import a Public Certificate to the TrustStore
When securing a web server, e.g. Tomcat, we need to configure it to use a Key-Certificate Pair from a KeyStore. This Key-Certificate Pair can be either self-signed or signed by a trusted Certificate Authority. There are many commercial services that can be used to sign that key. If the pair is self-signed then some programs (e.g. browsers) will provide a warning about the validity of the Certificate, while others will refuse to accept the connection without further configuration.
Downloading the Tool
Create a new KeyStore containing a new self-signed Key-Certificate Pair
The first page of the wizard will present us with the following fields to fill:
- File. The filename of the new KeyStore
- Password. The password of the new KeyStore. You cannot access or use the new KeyStore without this password, so make sure you mark it down. The password must be at least 6 characters long
- Alias. A unique identifier for the new Key that will be created
- FQDN. The fully qualified domain name of the server that this Key will secure. If our server can be accessed via the URL http://www.example.com then the FQDN is www.example.com
The next page of the wizard will show us the contents of the newly created KeyStore
Export a Certificate Signing Request from a Keystore
The first page of the wizard will present us with the following fields to fill:
- File. The filename of an existing KeyStore
- Password. The password of the KeyStore
The next page of the wizard will show us the contents of the KeyStore
The last page of the wizard will present us with the following fields to fill:
- File. The filename of the Certificate Signing Request to create
- Alias. A selection of all self-signed Key-Certificate pairs found on the KeyStore. Select the one you want to create the request for
After completing the wizard a new file will be created. You must send this file to a Certificate Authority to have it signed. After getting the response you can import it using the next wizard.
Import a Signed Certificate back to the Keystore
The first page of the wizard will present us with the following fields to fill:
- File. The filename of an existing KeyStore
- Password. The password of the KeyStore
The next page of the wizard will show us the contents of the KeyStore
The last page of the wizard will present us with the following fields to fill:
- File. The filename of the signed Certificate
- Alias. A selection of all self-signed Key-Certificate pairs found on the KeyStore. Select the one you want to create the request for
Import a Public Certificate to the TrustStore
The first page of the wizard will present us with the following fields to fill:
- File. The filename of an existing KeyStore
- Password. The password of the KeyStore
The next page of the wizard will show us the contents of the KeyStore
The last page of the wizard will present us with the following fields to fill:
- File. The filename of the public Certificate
- Alias. A unique identifier for the Certificate that will be imported