
Keytool generate version 3 certificates


Is there a way to make keytool generate version 3 certificates? I'm following this tutorial and in the end I have version 1 certificates. But then in my application I get an exception that is caused by:

Caused by: java.security.cert.CertPathValidatorException: Version 1 certificates can't be used as CA ones.

I use keytool from jdk8.

EDIT: Command

openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem -out caroot.cer -extensions v3_ca 

changes the version of the certificate.


Solution

  • Solved: it was not a problem in keytool, but in openssl changing the version. I needed to specify -extfile v3.ext, where the v3.ext file contained

    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment 
    

    according to this post.
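
The effect of -extfile described in the answer above can be checked with the following script, which is an added example and not code from the original post. It assumes openssl is on PATH; the subject name, the file names plain.cer and withext.cer, and the helper function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (constructed names): compare certificate versions produced by
# "openssl x509 -req" with and without -extfile. Assumes openssl is on PATH.

# Print the numeric X.509 version (1 or 3) of a PEM certificate.
cert_version() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: *\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print the Basic Constraints value (e.g. CA:FALSE), or nothing if absent.
basic_constraints() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Basic Constraints' | tail -n 1 | tr -d ' '
}

# Create a key, a CSR and two self-signed certificates in directory $1.
make_certs() {
    dir=$1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Test CA" \
        -keyout "$dir/cakey.pem" -out "$dir/careq.pem" 2>/dev/null || return 1
    # Extension file with the contents quoted in the answer above.
    cat > "$dir/v3.ext" <<'EOF'
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
EOF
    # No extension source: older OpenSSL releases write a version 1 certificate.
    openssl x509 -req -days 3650 -signkey "$dir/cakey.pem" \
        -in "$dir/careq.pem" -out "$dir/plain.cer" 2>/dev/null || return 1
    # Same request signed with -extfile: extensions force version 3.
    openssl x509 -req -days 3650 -signkey "$dir/cakey.pem" \
        -in "$dir/careq.pem" -out "$dir/withext.cer" \
        -extfile "$dir/v3.ext" 2>/dev/null || return 1
}

# Run the comparison only when invoked as: ./script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d) && make_certs "$work" || exit 1
    for f in plain withext; do
        echo "$f.cer: version $(cert_version "$work/$f.cer")," \
             "basicConstraints='$(basic_constraints "$work/$f.cer")'"
    done
    rm -rf "$work"
fi
```

For a certificate that has to act as a CA, RFC 5280 requires the Basic Constraints value to be CA:TRUE, so check that field as well as the version.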