By: Lakshmi in Java Tutorials on 2007-10-14
Suppose you have used the jarsigner tool to sign a Java ARchive (JAR) file. Clients that want to use the file will want to authenticate your signature.
One way they can do this is by first importing your public key certificate into their keystore as a "trusted" entry. You can export the certificate and supply it to your clients. As an example, you can copy your certificate to a file named MJ.cer via the following, assuming the entry is aliased by "mykey":
keytool -exportcert -alias mykey -file MJ.cer
Given that certificate, and the signed JAR file, a client can use the jarsigner tool to authenticate your signature.
Changing Your Distinguished Name but Keeping your Key Pair
Suppose your distinguished name changes, for example because you have changed departments or moved to a different city. If desired, you may still use the public/private key pair you've previously used, and yet update your distinguished name. For example, suppose your name is Tuck Lee, and you created your initial key entry with the alias tLee and the distinguished name
"cn=Tuck Lee, ou=Finance Department, o=BlueSoft, c=us"
Suppose you change from the Finance Department to the Accounting Department. You can still use the previously-generated public/private key pair and yet update your distinguished name by doing the following.
First, copy (clone) your key entry:
keytool -keyclone -alias tLee -dest tLeeNew
(This prompts for the store password and for the initial and destination private key passwords, since they aren't provided at the command line.) Now you need to change the certificate chain associated with the copy, so that the first certificate in the chain uses your different distinguished name. Start by generating a self-signed certificate with the appropriate name:
keytool -selfcert -alias tLeeNew -dname "cn=Tuck Lee, ou=Accounting Department, o=BlueSoft, c=us"
Then generate a Certificate Signing Request based on the information in this new certificate:
keytool -certreq -alias tLeeNew
When you get the CA certificate reply, import it:
keytool -import -alias tLeeNew -file VStLeeNew.cer
After importing the certificate reply, you may want to remove the initial key entry that used your old distinguished name:
keytool -delete -alias tLee
This policy contains information about your privacy. By posting, you are declaring that you understand this policy:
- Your name, rating, website address, town, country, state and comment will be publicly displayed if entered.
- Aside from the data entered into these form fields, other stored data about your comment will include:
- Your IP address (not displayed)
- The time/date of your submission (displayed)
- Your email address will not be shared. It is collected for only two reasons:
- Administrative purposes, should a need to contact you arise.
- To inform you of new comments, should you subscribe to receive notifications.
- A cookie may be set on your computer. This is used to remember your inputs. It will expire by itself.
This policy is subject to change at any time and without notice.
These terms and conditions contain rules about posting comments. By submitting a comment, you are declaring that you agree with these rules:
- Although the administrator will attempt to moderate comments, it is impossible for every comment to have been moderated at any given time.
- You acknowledge that all comments express the views and opinions of the original author and not those of the administrator.
- You agree not to post any material which is knowingly false, obscene, hateful, threatening, harassing or invasive of a person's privacy.
- The administrator has the right to edit, move or remove any comment for any reason and without notice.
Failure to comply with these rules may result in being banned from submitting further comments.
These terms and conditions are subject to change at any time and without notice.
Most Viewed Articles (in Java )
Latest Articles (in Java)
- Data Science
- React Native
- Cloud Computing
- Java Beans
- Mac OS X
- Office 365
- Tech Reviews