REM generate a phony self-signed certificate REM -keyalg DSA for JDK 1.2 compatibility, private-public pair. REM However RSA is what most modern certs use. REM see http://docs.sun.com/source/816-5539-10/app_dn.htm for construction of distinguished name REM create private/public key pair keytool -genkey -storepass %jarsignerpassword -keyalg DSA -alias mindprodcert2010dsa -dname "CN=mindprod.com, OU=Java Code, O=Canadian Mind Products, L=Victoria, ST=British Columbia, C=CA, EMAILADDRESS=roedyg@mindprod.com DC=mindprod, DC=com" -validity 999 REM generate the self-signed certificate containing public key keytool -selfcert -storepass %jarsignerpassword -alias mindprodcert2010dsa -validity 999 REM export the self-signed certificate in x.509 printable format, public key only. REM Prior to Java 1.6 use -export instead of -exportcert keytool -exportcert -storepass %jarsignerpassword -alias mindprodcert2010dsa -rfc -file mindprodcert2010dsa.cer