Reputation: 1013
Can I generate CSR using java keytool on Computer 1, and use that keystore on Computer 2?
Assuming I have created a keystore and private key using java keytool using the following command on Computer 1.
keytool -genkey -dname "CN=abc" -alias abc -keyalg "RSA" -keysize 1024 -sigalg "SHA256WITHRSA" -validity 365 -keystore "DEF.jks"
Then I use portecle to open this keystore and generate Cert Request
After I import CA reply, can I use that keystore(.jks) file on Computer 2?
Upvotes: 0
Views: 407
Answers (2)
Reputation: 2147
You can, but the reason that most guides you will see do not do it that way is that it's easier to keep your secret key secure if you don't make copies of it or transfer it over networks. If you generate your CSR on the computer that is going to use the certificate, then you don't need to make copies. The issued certificate cannot be used without the secret key, so it's safer to transmit the CSR and the certificate around, while the secret key stays in one place.
Upvotes: 0
Reputation: 8806
Yes. you can use the keystore on Computer 2. It is just a file from a file system point of view.
Upvotes: 0
Related Questions
- How to import a .cer certificate into a java keystore?
- SSL and cert keystore
- Create java keystore from private key and CA certificate bundle
- Renew certificate with Java Keytool - reuse old CSR?
- How can I create a keystore using an existing CSR file?
- Relationship between Java cert and keystore
- Is it possible to use a keystore from a CA which is used to sign JARs to also be used to sign CSRs in order to create SSL certificates
- JAVA API to create a keystore and attaching a csr and keypair to it
- Is it possible to generate CSR with long validity using Keytool
- Keytool without keystore