I want to create a certificate chain in Java as follows:
ca.mycompany.com
|--asia.mycompany.com
|--india.mycompany.com
where ca.mycompany.com is a root certificate (self signed).
I know this is possible with OpenSSL. But is it possible to achieve this with keytool?
If not, can I achieve this with Mozilla NSS library?
This is a perfect tutorial which helps you go through the process of creating a certificate chain using keytool. Basically, the process is that you need to sign the certificate with the keys from the CA and then install the certificate into the keystore you create.
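The process that answer describes (sign each request with the issuer's key, then install the reply into the subject's keystore), written out with keytool alone as an added example that is not part of the original answer or of the keytool documentation. It assumes the chain runs ca, then asia, then india; the PKCS12 file names, the helper function names and the password are made up for the illustration.

```shell
#!/bin/sh
# Added example. Assumed hierarchy: ca signs asia, asia signs india.
PASS=changeit   # sample password; values passed on the command line show up in `ps`

# kt <command> [options]: keytool on PKCS12 keystores, English output.
kt() { c=$1; shift; LC_ALL=C keytool "$c" -storetype PKCS12 -storepass "$PASS" "$@"; }

# new_key <alias> <CN> [-ext ...]: key pair plus self-signed placeholder cert.
new_key() {
    a=$1; cn=$2; shift 2
    kt -genkeypair -keystore "$a.p12" -alias "$a" -keyalg RSA -keysize 2048 \
       -dname "CN=$cn" -validity 365 "$@"
}

# sign <issuer> <subject> [-ext ...]: the subject's CSR is piped into the
# issuer's -gencert; the reply plus root.pem then replaces the placeholder.
# Relies on -gencert -rfc also emitting the issuer's non-self-signed chain;
# chain_length below is the check that it did.
sign() {
    issuer=$1; subject=$2; shift 2
    kt -certreq -keystore "$subject.p12" -alias "$subject" |
        kt -gencert -keystore "$issuer.p12" -alias "$issuer" -rfc \
           -validity 365 "$@" > "$subject.pem" || return 1
    cat "$subject.pem" root.pem |
        kt -importcert -noprompt -keystore "$subject.p12" -alias "$subject"
}

# chain_length <dir> <alias>: number of certificates stored with the key.
chain_length() {
    (cd "$1" && kt -list -v -keystore "$2.p12" -alias "$2") |
        sed -n 's/^Certificate chain length: //p'
}

# build_chain <dir>: runs in a subshell so the caller's directory is kept.
build_chain() (
    cd "$1" || exit 1
    new_key ca ca.mycompany.com -ext bc:c=ca:true -ext ku:c=keyCertSign,cRLSign &&
    new_key asia asia.mycompany.com &&
    new_key india india.mycompany.com &&
    kt -exportcert -keystore ca.p12 -alias ca -rfc > root.pem &&
    # pathlen:0 lets asia issue end-entity certificates but no further CAs
    sign ca asia -ext bc:c=ca:true,pathlen:0 -ext ku:c=keyCertSign,cRLSign &&
    sign asia india -ext ku:c=digitalSignature,keyEncipherment \
         -ext san=dns:india.mycompany.com
)
# Usage: d=$(mktemp -d); build_chain "$d"; chain_length "$d" india
```

The root keystore `ca.p12` holds the key that can mint any certificate in this hierarchy, so keep it off the hosts that only need `india.p12`.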
There is an example in the keytool documentation that shows how to do this:
You can also generate certificate chains pretty easily with KeyStore Explorer:
The resulting chain: