what is the alias used for?...is it just the name you refer to in by in the keystore? Also I used open ssl to generate my certificate and I don't have a file with .perm extension...I've got my server.csr, server.key and server.crt
also, what does the -trustcacerts do?...I'm looking at the following page (http://www.site.uottawa.ca/~lpeyton/csi5389genkeystore.html) and I don't see that option used. On Tue, Oct 13, 2009 at 8:40 AM, Marvin Addison <[email protected]> wrote: >> it sounds like all I need to do is import my self-signed >> certificate one time into system truststore you mentioned and the >> exception should go away correct? > > Yes. > > If that is the case, my next >> how do I install my certificate in the system truststore? > > keytool -import -alias your_alias -trustcacerts -file > /path/to/cert.pem -keystore /path/to/keystore -storepass changeit > > I recall you are on Windows, so keytool will not likely be on your > path. It's in $JAVA_HOME/bin. > >> Is there a reason not to use the default location? > > It's bad practice to import self-signed certificates into the system > keystore/truststore. (One file is used for both purposes by default.) > If you have your own PKI infrastructure, then it's entirely valid to > import the root certificate of your institution's PKI into the system > truststore. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Curtis Garman Web Programmer Heartland Community College -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
