Requesting trusted certificates

This topic provides information about requesting trusted certificates.

The keys and certificates generated with the keytool utility are sufficient to run SSL. However, the browser does not automatically trust the certificate you have generated and it prompts you to accept the certificate. To obtain a certificate trusted by most common browsers, request a certificate authority (CA) to sign your key/certificate.

The following command generates a CSR for a certificate already in the keystore file:

               keytool -certreq -alias jetty -keystore <ksfile> -file <csrfile>

The term <ksfile> is the name of the keystore file. The term <csrfile> is the name of the generated CSR. Do not include the "<>" characters.

Once a CA has sent you a certificate, load it into the keystore file. Signed certificates are typically returned in the PEM format.

                keytool -keystore <ksfile> -import -alias jetty -file <crtfile> -trustcacerts

The term <ksfile> is the name of the keystore file. The term <crtfile> is the name of the file containing the signed certificate. Do not include the "<>" characters.