Though my project is Java-based, we still use OpenSSL to generate keys and certificates. I don’t understand how OpenSSL is better than the Java keystore.
What can’t I do with keytool that I can do with OpenSSL?
It depends on your needs.
If you just need to generate a self-signed certificate for testing purposes with no extensions (like in X.509 v1 certificates) then IMO it is much faster and more convenient to use Keytool (Note: I have no idea whether additions/changes have been introduced in Keytool in Java 7).
Additionally, if you just need to manage your certificates or use JKS keystores, Keytool is still the way to go.
Other than that, you would need to use a robust security facility, which would certainly be OpenSSL.
Note that if you just need to generate -fast- certificates/keystores for your testing you could use a Java-based tool, e.g. Certificate Helper, which also creates extensions.
But for production/interoperability and all the reasons mentioned by friends in the comments you would use OpenSSL.
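Added example (not part of the original answer): one way a Java project can let OpenSSL issue a test certificate that carries X.509 v3 extensions and then hand it to the Java side as a keystore. The host name `test.example.internal`, the alias `test`, the password `changeit` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed values: host test.example.internal, alias "test",
# store password "changeit". Test-only material, not production settings.
set -eu

make_cert() {  # $1 = output directory
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = test.example.internal
[v3]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:test.example.internal
EOF
    # Self-signed X.509 v3 certificate with an unencrypted 2048-bit RSA key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    # Bundle key and certificate as PKCS#12, a format Java can load.
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -name test -passout pass:changeit -out "$1/keystore.p12"
}

cert_version() {  # prints the X.509 version number of certificate $1
    openssl x509 -in "$1" -noout -text | awk '/Version:/ {print $2; exit}'
}

cert_san() {  # prints the subjectAltName value of certificate $1
    openssl x509 -in "$1" -noout -text |
        awk 'f {sub(/^ +/, ""); print; exit} /Subject Alternative Name/ {f = 1}'
}

import_jks() {  # $1 = directory; converts the PKCS#12 bundle to a JKS keystore
    keytool -importkeystore -noprompt \
        -srckeystore "$1/keystore.p12" -srcstoretype PKCS12 -srcstorepass changeit \
        -destkeystore "$1/keystore.jks" -deststoretype JKS -deststorepass changeit
}

workdir=$(mktemp -d)
make_cert "$workdir"
echo "version=$(cert_version "$workdir/cert.pem") san=$(cert_san "$workdir/cert.pem")"
if command -v keytool >/dev/null 2>&1; then
    import_jks "$workdir" || echo "keytool import failed" >&2
fi
```

The JKS conversion runs only when `keytool` is on the PATH; the PKCS#12 file can also be loaded by Java directly.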