I am using keytool in Java to generate a keystore/CSR to submit to a certificate authority.
My CA only supports MD5withRSA and SHA1withRSA.
Every time I use keytool to create the keystore and export the CSR, I am getting a SHA256withRSA signature algorithm.
I've tried manually setting the -sigalg, but it keeps going to SHA256 every time, whether I try to set it to MD5 or SHA1.
Can someone advise me on what I'm doing wrong?
keytool -genkey -alias server -keyalg RSA -sigalg SHA1withRSA -keysize 2048 -keystore www_mydomain_com.jks -dname "CN=www.mydomain.com,OU=it, O=mycompany, L=thecity, ST=thestate, C=US" && keytool -certreq -alias server -file www_mydomain_com.csr -keystore www_mydomain_com.jks
keytool -genkey -alias server -keyalg RSA -sigalg MD5withRSA -keysize 2048 -keystore www_mydomain_com.jks -dname "CN=www.mydomain.com,OU=it, O=mycompany, L=thecity, ST=thestate, C=US" && keytool -certreq -alias server -file www_mydomain_com.csr -keystore www_mydomain_com.jks
Both commands create a CSR that shows SHA256withRSA.
sigalg specifies the algorithm that is used to sign the self-signed certificate; this algorithm must be compatible with keyalg. Set the -sigalg argument to be a valid SHA2 value. For example, if RSA is the value that is used with the -keyalg argument for the keytool command, use -sigalg SHA256withRSA.
The -trustcacerts argument tells keytool that you want to import this as a trusted certificate. Use the cacerts file to obtain trusted certificates from certificate authorities that have signed the certificate that is being imported.
Check the contents of the trust store by entering the following in the command prompt: <JAVA_HOME>\bin\keytool -list -v -keystore truststore -storepass access. Note the alias names of the certificates you want to remove. Enter <JAVA_HOME>\bin\keytool -delete -alias <alias name> -keystore truststore.
You should add the -sigalg SHA1WithRSA parameter to the second keytool call, where the CSR is actually generated.
$ keytool -genkey -alias selfsignedcert -keyalg RSA -sigalg SHA1withRSA -keypass privatepassword -keystore identity.jks -storepass password -validity 365