I'm slowly sinking into the deep ocean
that is x509 certificate management, kinda floating but might be sinking.
What I'm trying to do is set up a CA
certificate (self-signed) that I can then use to create user certificates
at a later time. These certificates will be used by browsers for
SSL connection to my server.
For my starting point I have been using
the PKCS12Example class hidden in the BC libraries.
I (think) I am creating the CA certificate.
My problem is getting the CA private
key to sign a user ID. I assume this is stored in the PKCS12 keystore.
But for the life of me I cannot see how. Do I have to create
a special key entry for it? Currently I am using setCertificateEntry
for the CA and the intermediate (why do I need an intermediate?). Would
I need to use a setKeyEntry call with the private key? Sounds unlikely
as the private key will be part of the certificate stored.... now there's