Doug's Sounding Board


Certificates eat my brain

Why are digital certificates so difficult?

    What I want:

  1. A root certificate from which to create a signing certificate
  2. A signing certificate
  3. A certificate to put on a device to validate code signed with the signing certificate
  4. To be able to do all this with openssl or the Java keytool

With the Java keytool I can make a self signed certificate and sign with that, and export the necessary component for verification, but some devices soom to want a root that the signing certificate is based on. It has no distinct root cert.

With openssl I can make the root cert and then the signing cert, but I’m not sure how to make the verifying cert.

Leave a Reply

Doug's Sounding Board is is proudly powered by Wordpress
Navigation Theme by GPS Gazette