, C=US
Issuer: CN=MyCompany Root CA, OU=J2EE Division,
O=MyCompany Inc., C=US
Serial number: 64
Valid from: Sun Nov 13 08:26:00 GMT-05:00 2005
until: Sat Aug 09 08:26:00 GMT-05:00 2008
Certificate fingerprints:
MD5: B9:68:45:17:86:38:62:BC:36:E3:89:E7:25:5B:49:56
SHA1: 85:54:FE:B3:CA:43:BF:00:D6:62:BC:B7:36:62:
0A:39:F6:9F:4A:F5
... is not trusted. Install reply anyway? [no]: yes
Certificate reply was installed in keystore
Once you??™ve completed this last step, you should have a certificate, signed by
MyCompany Root CA, for your server located in .keystore. If you??™d like to test this
certificate with Apache Tomcat, see Section 3.5 (Configuring Tomcat to Use SSL) for
configuring the server for a certificate. Just be certain to specify srvrpass for the
password of the server keystore.
Chapter 3 ?– Declarative Security 170
Exporting the CA Certificate
To install your CA certificate into your browser as a Trusted Root Certificate, you can
export the certificate with the following command:
C:\jstk-1.0.1> keytool -export -alias cakey -file ca.cer
-keystore cadir\ca.ks
-storetype jks -storepass certauth
Certificate stored in file
The command exports the CA certificate to the file ca.cer.
To import the CA certificate as a Trusted Root Certificate in Internet Explorer,
select Tools, Internet Options, then click the Content tab (Figure 3??“32).
Click the Certificates button to open the Certificates dialog box and click the
Trusted Root Certification Authorities tab (Figure 3??“33).
Pages:
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221