Sunday, May 30, 2010

Generate a certificate using the keytool utility

To generate a certificate using the keytool utility
Use keytool to generate, import, and export certificates. By default, keytool creates a keystore file in the directory where it is run.

Change to the directory where the certificate is to be run.

Always generate the certificate in the directory containing the keystore and truststore files, by default domain-dir/config. For information on changing the location of these files, see To change the location of certificate files.

Enter the following keytool command to generate the certificate in the keystore file, keystore.jks:


keytool -genkey -alias keyAlias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
Use any unique name as your keyAlias. If you have changed the keystore or private key password from their default, then substitute the new password for changeit in the above command.

A prompt appears that asks for your name, organization, and other information that keytool uses to generate the certificate.

Enter the following keytool command to export the generated certificate to the file server.cer (or client.cer if you prefer):


keytool -export -alias keyAlias-storepass changeit
-file server.cer
-keystore keystore.jks
If a certificate signed by a certificate authority is required, see To sign a digital certificate using the keytool utility.

To create the truststore file cacerts.jks and add the certificate to the truststore, enter the following keytool command:


keytool -import -v -trustcacerts -alias keyAlias -file server.cer -keystore cacerts.jks -keypass changeit
If you have changed the keystore or private key password from their default, then substitute the new password for changeit in the above command.

The tool displays information about the certificate and prompts whether you want to trust the certificate.

Type yes, then press Enter.

Then keytool displays something like this:


Certificate was added to keystore [Saving cacerts.jks]
Restart the Application Server.

No comments:

Post a Comment