Create key pair and certificate request

To create a certificate request you can use the two commands below. The private key will be saved in the Java key store and the certification request in the required PKCS#10 format in xxx-req.pem. The alias you need to specify depends on your application:

keytool -genkey -alias xxx -keyalg RSA -keysize 2048

keytool -certreq -keyalg RSA -keysize 2048 -alias xxx -file xxx-req.pem

Zertifikate importieren

To import the certificates of the DFN-PKI, which you can download here as text files in PEM format, you can use the following commands:

keytool -import -alias rootca -file rootca.pem

keytool -import -alias dfnpca -file dfnpca.pem

keytool -import -alias wwuca -file wwuca.pem

Your own certificate can then be imported with this command:

keytool -import -alias xxx -trustcacerts -file xxx.crt