> From: owner-openssl-us...@openssl.org On Behalf Of Miguel
> Sent: Wednesday, 21 January, 2009 13:23

> I'm simulating a CA to sign the request of my client applications 
> and I have a doubt about how openssl works.

> I generate a private key like:

> openssl dsaparam -genkey 1024 -out dsaprivatekey.pem

> and then I generate a public one to import it in the server side:

> openssl req -new -x509 -days 1001 -key dsaprivatekey.pem -out ca.cert 

To be exact that's generating a (self-signed) cert for the pubkey; 
the pubkey itself is already inherent in the keypair generated above. 
(PS- 1001 days is a rather odd validity period - about 2 years 9 months.)

> but no alias is assigned to the cert. 

> Is it possible to add an alias to the pair of keys? (like keytool: 
> keytool -genkey -alias mvia -keypass pass4mvia -storepass pass4mvia 
> -keystore mvia.keystore -keyalg DSA)

The alias used in Java keystore (and keytool) is just a name for an entry;
it is not actually part of the key (and/)or cert. OpenSSL (normally) 
keeps each item in a separate file, so it doesn't need them; just 
name each file appropriately (something like client42a-key.pem etc.)
To import the OpenSSL-generated cert (file) into JKS, use something like
keytool -importcert -file f -alias desired [-keypass p -keystore f -storepass p]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
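
Added example, not part of the original thread: a shell check that the self-signed cert carries the same public key as the generated keypair, and that the alias exists only as a keystore entry name. The 2048-bit size, the -noout option, the subject name and the helper function names are assumptions made for this example; the file names, alias and passwords are the sample values from the messages above.

```shell
#!/bin/sh
# Added example; helper names, key size and subject are illustrative assumptions.

# Generate a DSA key, then a self-signed cert for it (the two steps in the thread).
make_ca() {  # $1 = working directory
    # -noout leaves only the private key in the file; the bit count goes last,
    # as in the dsaparam synopsis. 2048 is an assumption (the thread used 1024).
    openssl dsaparam -noout -genkey -out "$1/dsaprivatekey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -days 1001 -subj "/CN=Example Test CA" \
        -key "$1/dsaprivatekey.pem" -out "$1/ca.cert"
}

# Compare the public key derived from the key file with the one in the cert.
same_pubkey() {  # $1 = working directory; prints "match" or "differ"
    from_key=$(openssl pkey -in "$1/dsaprivatekey.pem" -pubout 2>/dev/null)
    from_cert=$(openssl x509 -in "$1/ca.cert" -noout -pubkey)
    if [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]; then
        echo match
    else
        echo differ
    fi
}

# Import the cert into a Java keystore; the alias is given here, at import
# time, and is stored in the keystore, not in ca.cert.
import_with_alias() {  # $1 = working directory, $2 = alias
    keytool -importcert -noprompt -file "$1/ca.cert" -alias "$2" \
        -keystore "$1/mvia.keystore" -storepass pass4mvia >/dev/null 2>&1 &&
    keytool -list -alias "$2" -keystore "$1/mvia.keystore" -storepass pass4mvia
}

dir=$(mktemp -d)
make_ca "$dir" && echo "cert pubkey vs. key file: $(same_pubkey "$dir")"
# keytool is only present when a JDK is installed; skip the import otherwise.
if command -v keytool >/dev/null 2>&1; then
    import_with_alias "$dir" mvia
fi
```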
