Create CA, and sign cert with it


Author(s): Adam Bulla | Created: 26 April 2024 | Last modified: 26 April 2024
Tested on: -

Create CA cert for signing (bc:c=ca:true sets BasicConstraints so verifiers accept it as a CA)

keytool -genkey -alias ISIMCA -keystore ISIMCA_keystore.pfx -storetype PKCS12 -dname "CN=$FQDN,C=CH" -ext bc:c=ca:true -ext "san=dns:$HOSTNAME,ip:$IP" -keyalg RSA -validity 3600 -keysize 4096

Validate cert is in keystore

keytool -list -v -keystore ISIMCA_keystore.pfx -storetype PKCS12

Export the cert if needed

keytool -export -alias ISIMCA -keystore ISIMCA_keystore.pfx -storetype PKCS12 -rfc -file cert.cer

Sign the CSR with the CA cert

keytool.exe -gencert -alias ISIMCA -keystore ISIMCA_keystore.pfx -storetype PKCS12 -rfc -infile <CERTIFICATE REQUEST NAME> -outfile agent.cer
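
The full procedure end to end, including the requester side and a chain check, as an added example that is not part of the original page. The agent alias, agent_keystore.pfx, agent.csr, the host name agent.example.test, the CA subject name and the password are constructed for the demo.

```shell
# Added example: CA -> CSR -> signed cert -> chain check, using keytool only.
# Constructed values: agent alias, file names, host name, CA subject, password.
PASS=changeit-demo   # demo password only; use a real secret in practice

make_ca() {    # CA key pair; BasicConstraints CA:true marks it as a signing CA
  keytool -genkeypair -alias ISIMCA -keystore ISIMCA_keystore.pfx \
    -storetype PKCS12 -storepass "$PASS" -dname "CN=Demo ISIM CA,C=CH" \
    -ext bc:c=ca:true -ext ku:c=keyCertSign,cRLSign \
    -keyalg RSA -keysize 4096 -validity 3600 &&
  keytool -exportcert -alias ISIMCA -keystore ISIMCA_keystore.pfx \
    -storetype PKCS12 -storepass "$PASS" -rfc -file cert.cer
}

make_csr() {   # agent key pair and CSR; the SAN is requested inside the CSR
  keytool -genkeypair -alias agent -keystore agent_keystore.pfx \
    -storetype PKCS12 -storepass "$PASS" -keyalg RSA -keysize 2048 \
    -dname "CN=agent.example.test,C=CH" -validity 365 &&
  keytool -certreq -alias agent -keystore agent_keystore.pfx \
    -storetype PKCS12 -storepass "$PASS" \
    -ext san=dns:agent.example.test -file agent.csr
}

sign_csr() {   # honored=all copies the CSR's requested extensions (the SAN);
               # without -validity keytool's default of 90 days applies
  keytool -gencert -alias ISIMCA -keystore ISIMCA_keystore.pfx \
    -storetype PKCS12 -storepass "$PASS" -rfc -validity 365 \
    -ext honored=all -infile agent.csr -outfile agent.cer
}

verify_chain() {  # importing the reply fails unless it chains to the CA cert
  keytool -importcert -noprompt -alias ISIMCA -keystore agent_keystore.pfx \
    -storetype PKCS12 -storepass "$PASS" -file cert.cer &&
  keytool -importcert -noprompt -alias agent -keystore agent_keystore.pfx \
    -storetype PKCS12 -storepass "$PASS" -file agent.cer
}

# Checks on the printed certificate: CA flag and the expected DNS SAN.
is_ca()   { keytool -printcert -file "$1" | grep -q 'CA:true'; }
has_san() { keytool -printcert -file "$1" | grep -q "DNSName: $2"; }
```

Run the functions in order (make_ca, make_csr, sign_csr, verify_chain) in an empty directory; is_ca should succeed for cert.cer and fail for agent.cer.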