add property to .jks with keytool - 【StackMirror】|java|certificate|keytool|jks

I am generating a .jks with keytool and everything is ok.

I am using this command:

keytool -import -keystore KEYSTORE.jks -storepass "secret" -file MYCERT.crt

The problem is that I don't have any idea about how to add a "Subject Unique Identifier" to the certificate I am generating.

According to this: http://en.wikipedia.org/wiki/X.509 (In the Structure of a certificate part) that property is optional but I need it for this case.

Thanks in advance.

2012-04-03 22:37
by Oscar Jara

In a X509 Certificate everything is signed except the signature. It means that the subject unique identifier must be included during the certificate generation before it is signed by the issuer.

Please note that unique identifiers is a deprecated element (x509 v2); In X509 v3 certificates the subject key identifier and authority key identifier extensions serve a similar purpose.

The current RFC defining X509 certificate profiles (RFC 5280) specifies:

CAs conforming to this profile MUST NOT generate certificates with unique identifiers. Applications conforming to this profile SHOULD be capable of parsing certificates that include unique identifiers, but there are no processing requirements associated with the unique identifiers.

2012-04-03 22:56
by Jcs

Thanks for replying, information is clear but do you know a way to add this property? (forgetting that this is deprecated) I am not so familiar to .jk - Oscar Jara 2012-04-04 00:24

Actually adding the unique identifier is independent from the jks format. It must be done by the one who generated MYCERT.crt and it clearly depends on the software used to generate that certificate - Jcs 2012-04-04 06:13