![]() The extfile.cnf is optional and is used if you want to specify extensions. So, you need to use OpenSSL: x509 -req -days 3650 -in req.csr -signkey private.key -sha256 -extfile extfile.cnf -out result.crt And you can’t remove the certificate and generate a new one. If you try to sign the request with your existing keystore keypair, the current certificate is used as the root of the chain (and you don’t want that). The last two steps seem to be not straightforward with keytool or keystore explorer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |