How DXcertgen Creates Certificates When There Is No Keystore

Administration Guide › Set Up Encryption › About the DXcertgen Tool › How DXcertgen Creates Certificates When There Is No Keystore

How DXcertgen Creates Certificates When There Is No Keystore

When you use DXcertgen to create certificates, and do not use a keystore, Dxcertgen does the following:

Creates a new key pair and root certificate, and stores these in memory.
Generates the user and DSA certificates, and signs them with the private key.
For DSA certificates, the DSA name is used as the subject of the certificate.
Destroys the private key and appends the root certificate to the end of the following file:
```
DXHOME/config/ssld/personalities/trusted.pem
```

Every time that DXcertgen creates a certificate, and does not use a keystore, it creates a new key pair and root certificate, and reissues all the user and DSA certificates based on the new key pair. This can be inconvenient, because you need to distribute the certificates to the client applications.

Email CA Technologies about this topic