Hi there guys...
I am not an expert in working with certificates, so I was trying to do the following:
1- create my own CA using OpenSSL: test seems to be ok
2- create keystore, CSR using keytool: test seems to be ok
3- sign the CSR using the CA: test seems to be ok
4- import the signed certificate: problem is here.
The problem is that the subject (issued to field) is missing in the signed certificate. I am not sure why this is happening, since I am just learning this. Could anyone guide me in the right direction?
The following are the exact steps I used to generate the CSR, CA, signing the certificate, and importing it.
1- create certificate request:
* navigate to /java/bin directory
* type:
keytool -genkey -dname "CN=myserver.com , OU=my ou, O=my org, L= City, S=arizona, C=US" -alias myserver.com -keyalg RSA -keysize 2048 -keystore G:\tmp\keystore.jks
* enter keystore password: 123456
* confirm keystore password: 123456
* use same password: just press enter
* type:
keytool -certreq -alias myserver.com -file G:\tmp\keystore.jks.csr.txt -keystore G:\tmp\keystore.jks
* enter password: 123456
If all is correct, then the CSR is generated in the g:\tmp dir.
2- Create CA key
* first thing to do is to navigate to the /openssl/bin directory
* type the following to generate a private key:
openssl genrsa -des3 -out G:\tmp\CA\ca.key 2048
* enter the password for this key: keypsw123
* reenter the password for this key: keypsw123
You should get a key file.
3- Create the self signed certificate for CA
* enter the following:
openssl req -new -x509 -days 3000 -key G:\tmp\CA\ca.key -out G:\tmp\CA\ca.crt -config G:\openssl\share\openssl.cnf
* enter: US
* enter: arizona
* enter: City
* enter: my org
* enter: my ou
* enter: john smith
* enter: notexisting@notexisting.com
This should result in a self-signed certificate.
4- Signing the certificate request
* enter:
openssl ca -config G:\openssl\share\openssl.cnf -subj "/C=US/ST=arizona/L=City/O=my org/OU=my ou/CN=myserver.com/emailAddress=noemail@noemail.com" -cert G:\tmp\CA\ca.crt -keyfile G:\tmp\CA\ca.key -out G:\tmp\CA\certificate.pem.crt -infiles G:\tmp\keystore.jks.csr.txt
* enter: keypsw123
* enter: y
* enter: y
Now if you check this certificate by double clicking it:
G:\tmp\CA\certificate.pem.crt
you will find that the issued to part is missing.
I can't figure out what I am doing wrong here. Importing this certificate to the keystore does not work because the subject/issuer is missing.
Advice please.
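
A way to see at which step the subject goes missing, as an added example that is not part of the original post: it repeats the CA, CSR and signing steps in a scratch directory and compares the subject of the request with the subject and issuer of the signed certificate. It assumes a POSIX shell with openssl on the PATH; demo.cnf, the file names and the CA's DN are constructed, and openssl req stands in for keytool.

```shell
# Added example: every name, path and DN below is constructed for the demo.
set -eu
# Print a DN in RFC 2253 form so request and certificate output compare directly.
csr_subject()  { openssl req  -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
cert_subject() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

run_demo() (
  cd "$(mktemp -d)"
  mkdir newcerts; : > index.txt; echo 01 > serial
  cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ demo_ca ]
database      = index.txt
new_certs_dir = newcerts
serial        = serial
default_md    = sha256
default_days  = 30
policy        = demo_policy
[ demo_policy ]
# openssl ca copies only the attributes named in the policy section.
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
EOF
  # Steps 2-3 of the post: CA key and self-signed CA certificate (key left unencrypted here).
  openssl req -config demo.cnf -new -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/C=US/O=my org/CN=Demo CA" -keyout ca.key -out ca.crt 2>>openssl.log
  # Step 1: openssl req stands in for keytool -genkey / -certreq.
  openssl req -config demo.cnf -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
    -subj "/C=US/ST=arizona/L=City/O=my org/OU=my ou/CN=myserver.com" 2>>openssl.log
  # Step 4 without -subj, so the DN is taken from the request.
  openssl ca -batch -notext -config demo.cnf -name demo_ca -cert ca.crt -keyfile ca.key \
    -in server.csr -out server.crt 2>>openssl.log
  [ -n "$(cert_subject server.crt)" ] || { echo "empty subject in signed certificate" >&2; exit 1; }
  [ "$(csr_subject server.csr)" = "$(cert_subject server.crt)" ] || { echo "subject differs from CSR" >&2; exit 1; }
  [ "$(cert_issuer server.crt)" = "$(cert_subject ca.crt)" ] || { echo "issuer is not the CA" >&2; exit 1; }
  cert_subject server.crt   # prints the subject of the signed certificate
)
run_demo
```

On the files from the post, the same checks are `openssl req -in G:\tmp\keystore.jks.csr.txt -noout -subject` for the request and `openssl x509 -in G:\tmp\CA\certificate.pem.crt -noout -subject -issuer` for the signed certificate.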