Question

I am generating a .jks with keytool and everything is ok.

I am using this command:

keytool -import -keystore KEYSTORE.jks -storepass "secret" -file MYCERT.crt

The problem is that I don't have any idea about how to add a "Subject Unique Identifier" to the certificate I am generating.

According to this: http://en.wikipedia.org/wiki/X.509 (In the Structure of a certificate part) that property is optional but I need it for this case.

Thanks in advance.


Solution

In an X509 certificate, everything is signed except the signature. It means that the subject unique identifier must be included during certificate generation, before it is signed by the issuer.

Please note that unique identifiers are a deprecated element (X509 v2); in X509 v3 certificates the subject key identifier and authority key identifier extensions serve a similar purpose.

The current RFC defining X509 certificate profiles (RFC 5280) specifies:

CAs conforming to this profile MUST NOT generate certificates with unique identifiers. Applications conforming to this profile SHOULD be capable of parsing certificates that include unique identifiers, but there are no processing requirements associated with the unique identifiers.
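
Added example, not part of the original answer: a standard-library DER walker that reports whether a certificate's signed tbsCertificate carries issuerUniqueID or subjectUniqueID, which is a quick way to flag certificates that fall outside the RFC 5280 profile quoted above. The function names are hypothetical, and the sample input is a constructed skeleton with the Certificate layout only, not a valid certificate.

```python
def read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def unique_identifiers(cert_der):
    """Return the unique identifiers present in tbsCertificate, keyed by field name."""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs_tag, tbs = children(cert)[0]  # first element is the signed tbsCertificate
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    # [1] and [2] are IMPLICIT BIT STRINGs, so DER encodes them as tags 0x81 and 0x82.
    names = {0x81: "issuerUniqueID", 0x82: "subjectUniqueID"}
    # v[1:] drops the BIT STRING "unused bits" octet.
    return {names[t]: v[1:] for t, v in children(tbs) if t in names}

def tlv(tag, value):
    """Encode a short-form TLV (enough for the constructed sample below)."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def sample_cert(with_subject_uid):
    """Constructed skeleton: version, serial, five empty SEQUENCEs, optional [2]."""
    empty = tlv(0x30, b"")
    tbs = tlv(0xA0, tlv(0x02, b"\x01")) + tlv(0x02, b"\x01") + empty * 5
    if with_subject_uid:
        tbs += tlv(0x82, b"\x00\xde\xad")  # subjectUniqueID, constructed value
    return tlv(0x30, tlv(0x30, tbs) + empty + tlv(0x03, b"\x00"))
```

To check a real certificate, pass its DER bytes (not PEM text) to `unique_identifiers`; an empty result means neither field is present.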

Licensed under: CC-BY-SA with attribution