Creating Self Signed CA Signing Certificate with Keytool - dogtagpki/pki GitHub Wiki

Creating Self-Signed CA Signing Certificate

To generate a certificate with an RSA key:

$ keytool \
    -genkeypair \
    -keystore keystore.p12 \
    -storetype pkcs12 \
    -storepass Secret.123 \
    -alias ca_signing \
    -dname "CN=CA Signing Certificate" \
    -ext BasicConstraints=ca:true \
    -ext KeyUsage=digitalSignature,nonRepudiation,keyCertSign,cRLSign \
    -keyalg RSA \
    -keypass Secret.123

To generate a certificate with an ECC key:

$ keytool \
    -genkeypair \
    -keystore keystore.p12 \
    -storetype pkcs12 \
    -storepass Secret.123 \
    -alias ca_signing \
    -dname "CN=CA Signing Certificate" \
    -ext BasicConstraints=ca:true \
    -ext KeyUsage=digitalSignature,nonRepudiation,keyCertSign,cRLSign \
    -keyalg EC \
    -keypass Secret.123
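
To confirm the result, the listing that keytool -list -v prints for the new entry can be checked for the extensions requested above. The script below is an added example, not part of the Dogtag wiki: the function names check_ca_cert and sample_listing are hypothetical, the sample listing is constructed and abridged, and the note about criticality is an extra check of this example's own.

```shell
# Real use, with the keystore and alias from the commands above:
#   keytool -list -v -keystore keystore.p12 -storetype pkcs12 \
#       -storepass Secret.123 -alias ca_signing | check_ca_cert

# Reads `keytool -list -v` text on stdin. Returns 0 only when the entry is
# self-signed, has CA:true, and its KeyUsage has Key_CertSign and Crl_Sign.
check_ca_cert() {
    awk '
        /^Owner: /  { owner  = substr($0, 8) }
        /^Issuer: / { issuer = substr($0, 9) }
        /ObjectId: 2\.5\.29\.19 / { bc_crit = ($0 ~ /Criticality=true/) }
        /^ *CA:true/      { ca = 1 }
        /^ *Key_CertSign/ { certsign = 1 }
        /^ *Crl_Sign/     { crlsign = 1 }
        END {
            if (owner == "" || owner != issuer) { print "FAIL: owner and issuer differ"; bad = 1 }
            if (!ca)       { print "FAIL: BasicConstraints CA:true missing"; bad = 1 }
            if (!certsign) { print "FAIL: KeyUsage Key_CertSign missing"; bad = 1 }
            if (!crlsign)  { print "FAIL: KeyUsage Crl_Sign missing"; bad = 1 }
            # RFC 5280 (4.2.1.9) expects CA certificates to mark this critical.
            if (ca && !bc_crit) print "NOTE: BasicConstraints is not marked critical"
            exit bad + 0
        }'
}

# Constructed, abridged listing in the layout keytool prints for such an entry.
sample_listing() {
    cat <<'EOF'
Alias name: ca_signing
Owner: CN=CA Signing Certificate
Issuer: CN=CA Signing Certificate
#1: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
]
#2: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_CertSign
  Crl_Sign
]
EOF
}

sample_listing | check_ca_cert
```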
