How to create a private key (keypair) entry, then save it in an existing keystore:
Self-signed, DSA private key (keypair) entry
- Select task Create DSA private key entry
- Fill in the fields
==> once all required fields are filled, Action button becomes enabled
- Click Action button (located at bottom)
==> A dialog shows up, displaying the contents (entries if any) of the keystore
- At the bottom of the dialog, enter new alias, enter password, confirm password
- Click OK button
==> That's it!
Self-signed, RSA private key (keypair) entry
- Select task Create RSA private key entry
- Fill in the fields
==> once all required fields are filled, Action button (located at bottom) becomes enabled
- Click Action button
==> A dialog shows up, displaying the contents (entries if any) of the keystore
- At the bottom of the dialog, enter new alias, enter password, confirm password
- Click OK button
==> Ecco!
Trusted CA, private key (keypair) entry
ie. private key of type RSA.
This is done in 3 steps.
Step 1/3: create private key entry
- Select task Create RSA private key entry
- Fill in the fields
==> once all required fields are filled, Action button becomes enabled
- Click Action button
==> A dialog shows up, containing the table of all available entries of the selected KeyStore
- At the bottom of the dialog, enter new alias, enter password, confirm password
- Click OK button
Step 2/3: export CSR
- Select task Export certificate from private key entry as CSR file
- Fill in the fields
==> once all required fields are filled, Action button becomes enabled
- Click Action button
==> A dialog shows up, containing the table of all available entries of the selected KeyStore
- Select the alias pointing to the right private key (the one that was created in step 1/3), enter the respective password
- Click OK button
==> This will generate a CSR file in PKCS#10 format. Submit this file to your CA (look for a CA that provides code signing certificate).
Step 3/3: import trusted certificate
Once your trusted certificate has been approved by the CA, you should receive it in PKCS#7 format (otherwise convert the one you get).
- Select task Import CA certificate reply to private key entry
- Fill in the fields
==> once all required fields are filled, Action button becomes enabled
- Click Action button
==> A dialog shows up, containing the table of all available entries of the selected KeyStore
- Select the alias pointing to the right private key entry (the one that was created in step 1/3, and used in step 2/3), enter the respective password
- Click OK button
==> This will import your trusted CA in the respective private key entry.
From private key located in another keystore
- Select task Import private key entry from private key in other keystore
- Fill in the fields
==> once all required fields are filled, Action button becomes enabled
- Click Action button
==> A dialog shows up, containing the table of all available entries of the selected keystore source
- Select an alias,
- If keystore source is not of type PKCS12, enter the respective password
- Click OK button
==> Another dialog shows up, containing the table of all available entries in the selected keystore target.
- Enter new alias,
- If keystore target is not of type PKCS12, enter new password, confirm new password
- Click OK button
==> Et voila!