This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Five Lines of Code and have Christian Clausen on-line!
See this thread for details.
Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

keytool and self signing certificate

 
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I found the following information from the sun site http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html#genkeyCmd

Since I am a java guy I am also posting this query in the java forum.

When we use the -genkey argument the keytool "generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v1 self-signed certificate, which is stored as a single-element certificate chain".

When we use the -selfcert argument the keytool "generates an X.509 v1 self-signed certificate, using keystore information including the private key and public key associated with alias".

If -genkey generates a self signed certificate what does -selfcert do?
I can't understand what actually happens between -genkey and -selfcert.
What does self sign mean in both the case?
 
Bartender
Posts: 9612
16
Mac OS X Linux Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
-genkey generates a private and public key in addition to creating a cert. -selfcert creates a cert using a specified key.
A self-signed certificate means that the certificate chain does not lead to a Certification Authority (CA) who validates you are who you say you are. A user who encounters a self-signed cert in an applet or web server will be notified that the certificate is questionable.
Have a look on the page you linked, the section marked "Certificate Chains" for more.
 
Don't get me started about those stupid light bulbs.
    Bookmark Topic Watch Topic
  • New Topic