Certificates eat my brain
Why are digital certificates so difficult?
With the Java keytool I can make a self signed certificate and sign with that, and export the necessary component for verification, but some devices soom to want a root that the signing certificate is based on. It has no distinct root cert.
With openssl I can make the root cert and then the signing cert, but I'm not sure how to make the verifying cert.
- What I want:
- A root certificate from which to create a signing certificate
- A signing certificate
- A certificate to put on a device to validate code signed with the signing certificate
- To be able to do all this with openssl or the Java keytool
With the Java keytool I can make a self signed certificate and sign with that, and export the necessary component for verification, but some devices soom to want a root that the signing certificate is based on. It has no distinct root cert.
With openssl I can make the root cert and then the signing cert, but I'm not sure how to make the verifying cert.