Once you've imported a certificate authenticating the public key of the CA
you submitted your certificate signing request to (or there's already such a
certificate in the "cacerts" file), you can import the certificate
reply and thereby replace your self-signed certificate with a certificate chain.
This chain is the one returned by the CA in response to your request (if the CA
reply is a chain), or one constructed (if the CA reply is a single certificate)
using the certificate reply and trusted certificates that are already available
in the keystore where you import the reply or in the "cacerts"
For example, suppose you sent your certificate signing request to VeriSign.
You can then import the reply via the following, which assumes the returned
certificate is named "VSMarkJ.cer":
keytool -importcert -trustcacerts -file VSMarkJ.cer
Be the first one to add a comment