
How to add multiple key usages to a certificate when using Java keytool

I am trying to add multiple key usages to a certificate when using Java keytool to generate the certificate. It is only picking up the last one listed.

keytool -genkeypair -keystore keystore.jks -validity 3650 -alias test \
        -keysize 2048 -keyalg RSA -storetype JKS \
        -ext KeyUsage=digitalSignature -ext KeyUsage=keyEncipherment \
        -ext KeyUsage=keyCertSign

The documentation says you can use the -ext argument many times. What am I doing wrong?

user3375401 asked Sep 02 '25 16:09


1 Answer

The -ext can be given multiple times, but not for the same type of extension. What you want is

keytool -genkeypair -keystore keystore.jks -validity 3650 -alias test \
    -keysize 2048 -keyalg RSA -storetype JKS \
    -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign

Multiple -ext are used to define extensions of different types separately. For example like this:

keytool -genkeypair -keystore keystore.jks -validity 3650 -alias test \
    -keysize 2048 -keyalg RSA -storetype JKS \
    -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign \
    -ext ExtendedKeyUsage=serverAuth,clientAuth \
    -ext BasicConstraints=ca:true,PathLen:3 \
    -ext SubjectAlternativeName=DNS:foo.bar.com,EMAIL:[email protected] \
    -ext CRLDistributionPoints=URI:http://foo.bar.com/ca.crl

This is a contrived example, but you get the idea.

wallenborn answered Sep 04 '25 04:09
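
A way to confirm which KeyUsage bits actually ended up in the certificate, as an added example that is not part of the original question or answer: it parses the text that `keytool -list -v` prints. The two sample outputs are constructed and assume the layout OpenJDK's keytool uses for extensions; the function names are hypothetical.

```shell
# Print the usages in the KeyUsage block of `keytool -list -v` output (stdin),
# underscores removed so "Key_CertSign" compares equal to the -ext name "keyCertSign".
key_usages() {
    awk '
        /^[ \t]*KeyUsage \[/ { in_ku = 1; next }  # not "ExtendedKeyUsages ["
        in_ku && /^[ \t]*\]/ { in_ku = 0 }        # closing bracket ends the block
        in_ku { gsub(/[ \t\r_]/, ""); if ($0 != "") print }
    '
}

# Succeed only if every usage given as an argument (same names as -ext) is present.
require_key_usages() {
    found=$(key_usages)
    missing=""
    for want in "$@"; do
        printf '%s\n' "$found" | grep -qixF -- "$want" || missing="$missing $want"
    done
    [ -z "$missing" ] && return 0
    echo "missing KeyUsage:$missing" >&2
    return 1
}

# Constructed sample: repeated -ext KeyUsage=..., only the last value kept.
sample_repeated_ext() {
cat <<'EOF'
#1: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
]
EOF
}

# Constructed sample: one comma-separated -ext KeyUsage plus an ExtendedKeyUsage.
sample_combined() {
cat <<'EOF'
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]
#2: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
  Key_CertSign
]
EOF
}
```

Against a real keystore, pipe `keytool -list -v -keystore keystore.jks -alias test` into `require_key_usages digitalSignature keyEncipherment keyCertSign`.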