Do you have a question? Post it now! No Registration Necessary. Now with pictures!
April 27, 2005, 7:48 pm
rate this thread
I work for a software development organization. We've used a Verisign
x.509 certificate (via keytool and jarsigner) to sign our jars before
they get shipped to customers for a few years. Now we're going to be
shipping a new product enhancement that uses https for security.
It looks like, with https, our customer will need their own x.509
certificate. They can, of course generate their own self-signed
certificate, or get one from Verisign, et al.
I'm wondering if there is a third option. For us to create a
sub-certificate off of our current one.
After digging through keytool and a whole pile of stuff on Google for a
day (and barely scratching the surface), I still have not figured out
the magical step of chaining a x.509 certificate. Keytool refers to
importing a chained certificate from the CA, but nothing about how the
CA creates it.
I suppose, if it were easy, Verisign would quickly go out of business
Any suggestions or references would be greatly appreciated.