I developed an application using Java Webstart. He needs write access to the disc, so it must be signed, but it will be used only by a limited group of users, so I do not want to pay for a trusted certificate.
What is the easiest option to allow users to trust my application / self-signed certificate? I do not want them to use keytool because it is not very user friendly. Although I want to create a certificate that can be imported using the Java control panel, I first tried to create an imported certificate using the following commands:
keytool -genkeypair -keystore patrickgotthard.jks -alias patrickgotthard
keytool -exportcert -keystore patrickgotthard.jks -alias patrickgotthard -file patrickgotthard.cer
But importing the generated .cer file is not possible. Then I found Failed to import the certificate into the java control panel and used the following command:
keytool -genkey -alias patrickgotthard -keystore patrickgotthard.p12 -storetype pkcs12
But as I understand it, the .p12 file also contains my private key - I donβt think the private key should be shared? Can you tell me how to create a self-signed certificate that can be imported using the Java control panel but does not contain my private key? Or do you know the best solution for my problem?
source
share