Create CA, and sign cert with it


Author(s): Adam Bulla | Created: 25 June 2022 | Last modified: 25 June 2022
Tested on: -

Create CA cert for signing

keytool -genkey -alias ISIMCA -keystore ISIMCA_keystore.pfx -storetype PKCS12 -dname CN=$FQDN,C=CH -ext san=dns:$HOSTNAME,ip:$IP -keyalg RSA -validity 3600 -keysize 4096

Validate cert is in keystore

keytool -list -v -keystore ISIMCA_keystore.pfx -storetype PKCS12

Export the cert if needed

keytool -export -alias ISIMCA -keystore ISIMCA_keystore.pfx -storetype PKCS12 -rfc -file cert.cer

Sign the CSR with the CA cert

keytool.exe -gencert -alias ISIMCA -keystore ISIMCA_keystore.pfx -storetype PKCS12 -rfc -infile <CERTIFICATE REQUEST NAME> -outfile agent.cer