Because when you use keytool it stores the generated private key in the keystore and tags it waiting for the certificate. Then when you import the issued certificate it is paired in the same record with the key. It's a real pain to get OpenSSL encoded private keys into a keytool keystore. Don't fight it, just use keytool. :)
Sent via iPhone > On Oct 29, 2015, at 00:06, Vishwajeet Singh <vishwajeet...@gmail.com> wrote: > > Hi, > > I saw Cassandra documentation. > > http://docs.datastax.com/en/cassandra/2.1/cassandra/security/secureSSLCertificates_t.html > > I found this line "SSL certificates must be generated using keytool". > > Can somebody explain me why SSL certificates must be generated using keytool? > > Can we use OpenSSL for generating certificates? > I am trying using openssl but it's not working. Why? > > Thanks, > Vishwajeet
