user3375401

Reputation: 491

How to add multiple key usages to a certificate when using Java keytool

I am trying to add multiple key usages to a certificate when using java keytool to generate the certificate. It is only picking up the last one listed.

keytool -genkeypair -keystore keystore.jks -validity 3650 -alias test \
    -keysize 2048 -keyalg RSA -storetype JKS \
    -ext KeyUsage=digitalSignature -ext KeyUsage=keyEncipherment \
    -ext KeyUsage=keyCertSign

The documentation says you can use the -ext argument many times. What am I doing wrong?

Upvotes: 4

Views: 6803

Answers (1)

wallenborn

Reputation: 4273

The -ext can be given multiple times, but not for the same type of extension. What you want is

keytool -genkeypair -keystore keystore.jks -validity 3650 -alias test \
    -keysize 2048 -keyalg RSA -storetype JKS \
    -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign

Multiple -ext are used to define extensions of different type separately. For example like this:

keytool -genkeypair -keystore keystore.jks -validity 3650 -alias test \
    -keysize 2048 -keyalg RSA -storetype JKS \
    -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign \
    -ext ExtendedKeyUsage=serverAuth,clientAuth \
    -ext BasicConstraints=ca:true,PathLen:3 \
    -ext SubjectAlternativeName=DNS:foo.bar.com,EMAIL:[email protected] \
    -ext CRLDistributionPoints=URI:http://foo.bar.com/ca.crl

This is a contrived example, but you get the idea.

Upvotes: 11
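The check a practitioner wants after running the command above is whether the certificate that came out actually carries all of the requested KeyUsage bits. The script below is an added example, not code from the question or the answer: it generates a throwaway keystore non-interactively, exports the certificate, and parses the KeyUsage block that keytool -printcert prints. It assumes a JDK keytool on PATH; the working directory, alias names, password and distinguished name are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original question or answer). Assumes a JDK
# keytool on PATH. Directory, aliases, password and DN are placeholders.
set -eu

WORKDIR="${TMPDIR:-/tmp}/keyusage-demo.$$"
STOREPASS="changeit-demo"   # placeholder password for a throwaway keystore

# gen_keystore ALIAS [-ext ...]...: generate a self-signed RSA key pair under
# ALIAS with the given -ext options and export its certificate as PEM.
gen_keystore() {
    alias="$1"; shift
    mkdir -p "$WORKDIR"
    keytool -genkeypair -keystore "$WORKDIR/keystore.jks" -storetype JKS \
        -storepass "$STOREPASS" -keypass "$STOREPASS" \
        -alias "$alias" -keyalg RSA -keysize 2048 -validity 3650 \
        -dname "CN=$alias, O=Example" "$@" >/dev/null 2>&1
    keytool -exportcert -rfc -keystore "$WORKDIR/keystore.jks" \
        -storepass "$STOREPASS" -alias "$alias" \
        -file "$WORKDIR/$alias.pem" >/dev/null 2>&1
}

# key_usage_names ALIAS: print the names listed inside the "KeyUsage [ ... ]"
# block of keytool -printcert, one per line (DigitalSignature, Key_CertSign, ...).
key_usage_names() {
    keytool -printcert -file "$WORKDIR/$1.pem" \
        | sed -n '/^KeyUsage \[/,/^\]/p' | sed '1d;$d' | tr -d ' '
}

# has_key_usages ALIAS NAME...: return 0 only if every NAME is in the block.
has_key_usages() {
    names="$(key_usage_names "$1")"; shift
    for want in "$@"; do
        printf '%s\n' "$names" | grep -qx "$want" || return 1
    done
    return 0
}

cleanup() { rm -rf "$WORKDIR"; }

# Stand-alone run (sh script.sh run): compare the single combined -ext with
# the repeated -ext form from the question and show what each produced.
if [ "${1:-}" = "run" ]; then
    gen_keystore combined -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign
    gen_keystore repeated -ext KeyUsage=digitalSignature \
        -ext KeyUsage=keyEncipherment -ext KeyUsage=keyCertSign
    for a in combined repeated; do
        echo "== $a =="; key_usage_names "$a"
        if has_key_usages "$a" DigitalSignature Key_Encipherment Key_CertSign; then
            echo "all three KeyUsage bits present"
        else
            echo "KeyUsage is incomplete"
        fi
    done
    cleanup
fi
```

Run it as `sh keyusage-demo.sh run`; the "combined" alias is the form the answer recommends and should list all three bits, while the "repeated" alias reproduces the command from the question so you can see for your own JDK which bits survive. The names matched by has_key_usages are the labels keytool itself prints for the KeyUsage extension, so the same function works for any subset of bits you expect.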
