> I am a programmer from India. I am have a couple of questions regarding the
> keytool.
> 1. How do I get a certificate signed by the CA? The documentation describes
> generating the CSR file. However nothing is saic about what to do with it.
You submit the CSR to the target CA from which you request a certificate.
For example, in order to request a certificate from Verisign, you submit
your CSR to this URL:
https://digitalid.verisign.com/TestGetCSR.html
Or in order to request a certificate from the Thawte CA, you submit your
CSR to:
https://www.thawte.com/cgi/server/test.exe
These are just 2 examples.
You then import the reply from the CA into your keystore,
using the "-import" option.
> 2. How can I add new certificates to the list of trusted CA's in 'cacerts' ?
You manage the "cacerts" keystore in the same fashion as any other keystore,
i.e., in order to add new certs to it, you use the "-import" option.
> These questions are of prime importance for a project we are working on
> so a prompt reply will be greatly appreciated.
> Thank you
Jan