I'm reading about using the keytool command to generate a certificate from the Oracle guide. The part I don’t understand is it says after running the command keytool -genkey, it creates a public/private key.
First export the key:
keytool -importkeystore -srckeystore mycert.jks -destkeystore keystore.p12 -deststoretype PKCS12
For apache ssl certificate file you need certificate only:
openssl pkcs12 -in keystore.p12 -nokeys -out mykeystore.crt
For ssl key file you need only keys:
openssl pkcs12 -in keystore.p12 -nocerts -nodes -out mystore.key
In order to generate the CSR code on Tomcat, you can use keytool commands.
First, you need to create a keystore that will contain the private key.
Open up a command line interface and run the following command:
keytool -genkey -keysize 2048 -keyalg RSA -alias tomcat -keystore yourkeystore.jks
You are free to use any custom alias and a keystore name.
You will be asked to enter a password for the keystore. Remember this password for later use. The default value is *changeit*.
After that you will be asked the following questions:
What is your first and last name? – enter the *fully qualified domain name* you want to secure with the SSL certificate (ex.: domain.com or sub.domain.com).
What is the name of your organizational unit? – provide the name of a division or department within the organization. For Domain Validation certificates you can enter ‘NA’.
What is the name of your organization? – provide the officially registered name for your business.
What is the name of your City or Locality? – provide the complete name of your city or locality. Please do not use abbreviations.
What is the name of your State or Province? – provide the complete name of your state or region.
What is the two-letter country code for this unit? – enter two-letter code of your country (uppercase).
Then you will be asked if the information you submitted is correct:
Is CN=example.com, OU=Your Organizational Unit, O=Your Organization, L=Your City, ST=Your State, C=Your Country correct?
Please type ‘y’ or ‘yes’ to confirm everything is correct.
After the keystore with the private key is generated, you can use the following command to generate the CSR code:
keytool -certreq -keyalg RSA -alias tomcat -file example.csr -keystore yourkeystore.jks
You will be prompted to enter keystore password.
Now you have a file called example.csr with the certificate signing request. You can open it with any text editor, copy the content including the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- headers, and submit it for activation of the certificate purchased with us.
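The same two steps can be run without prompts and the resulting CSR checked before it is submitted. This is an added example, not part of the original guide: the function names and the KS_PASS environment variable are assumptions, and openssl is used only to inspect the request.

```shell
# Added example (not from the original guide): create the keystore and CSR
# without prompts, then check the CSR before it is submitted.
set -eu
umask 077   # the keystore holds the private key; keep it owner-only

# -dname supplies the answers keytool would otherwise prompt for.
# ":env" makes keytool read the password from $KS_PASS (assumed variable),
# so it does not show up in the process list or shell history.
make_keystore() {   # $1 = keystore file, $2 = alias, $3 = distinguished name
  keytool -genkey -keysize 2048 -keyalg RSA -alias "$2" -dname "$3" \
    -keystore "$1" -storepass:env KS_PASS -keypass:env KS_PASS
}

make_csr() {        # $1 = keystore file, $2 = alias, $3 = CSR output file
  keytool -certreq -alias "$2" -file "$3" -keystore "$1" -storepass:env KS_PASS
}

# Returns 0 only if the CSR's self-signature verifies, its CN is exactly
# the expected host name, and the public key has the expected size.
check_csr() {       # $1 = CSR file, $2 = expected CN, $3 = expected key bits
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  openssl req -in "$1" -noout -subject -nameopt RFC2253 \
    | sed 's/^subject=//' | tr ',' '\n' | grep -Fxq "CN=$2" || return 1
  openssl req -in "$1" -noout -text | grep -q "Public-Key: ($3 bit)"
}
```

With KS_PASS exported, call make_keystore and make_csr with the alias and file names used above, then check_csr example.csr with the domain and 2048 before pasting the request into the order form.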
After the certificate is issued, follow the steps from this article to install the SSL certificate on your Tomcat server.
Generating a KeyStore and TrustStore
The following sections explain how to create both a KeyStore and a TrustStore (or import a certificate into an existing TrustStore such as the default Logical Host TrustStore in the location:
where <c:JavaCAPS> is the directory where Java CAPS is installed and <MyDomain> is the name of your domain. The primary tool used is keytool, but openssl is also used as a reference for generating pkcs12 KeyStores.
For more information on openssl and available downloads, visit the following web site:
http://www.openssl.org.
Creating a KeyStore in JKS Format
This section explains how to create a KeyStore using the JKS format as the database format for both the private key, and the associated certificate or certificate chain. By default, as specified in the java.security file, keytool uses JKS as the format of the key and certificate databases (KeyStore and TrustStores). A CA must sign the certificate signing request (CSR). The CA is therefore trusted by the server-side application to which the Adapter is connected.
Note –
It is recommended to use the default KeyStore
where <c:JavaCAPS> is the directory where Java CAPS is installed and <MyDomain> is the name of your domain.
To Generate a KeyStore
Creating a KeyStore in PKCS12 Format
This section explains how to create a PKCS12 KeyStore to work with JSSE. In a real working environment, a customer could already have an existing private key and certificate (signed by a known CA). In this case, JKS format cannot be used, because it does not allow the user to import/export the private key through keytool. It is necessary to generate a PKCS12 database consisting of the private key and its certificate.
The generated PKCS12 database can then be used as the Adapter’s KeyStore. The keytool utility is currently lacking the ability to write to a PKCS12 database. However, it can read from a PKCS12 database.
Note –
There are additional third-party tools available for generating PKCS12 certificates, if you want to use a different tool.
For the following example, openssl is used to generate the PKCS12 KeyStore:
The existing key is in the file mykey.pem.txt in PEM format. The certificate is in mycertificate.pem.txt, which is also in PEM format. A text file must be created which contains the key followed by the certificate as follows:
This command prompts the user for a password. The password is required. The KeyStore fails to work with JSSE without a password. This password must also be supplied as the password for the Adapter’s KeyStore password.
This command also uses the openssl pkcs12 command to generate a PKCS12 KeyStore with the private key and certificate. The generated KeyStore is mykeystore.pkcs12 with an entry specified by the myAlias alias. This entry contains the private key and the certificate provided by the -in argument. The noiter and nomaciter options must be specified to allow the generated KeyStore to be recognized properly by JSSE.
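The PEM-to-PKCS12 steps described above, followed by a read-back with the openssl pkcs12 -nokeys extraction quoted at the top of the page, can be scripted as follows. This is an added example, not code from the original documentation: the function names, the P12_PASS environment variable and the intermediate file name mykeycertificate.pem.txt are assumptions, and the key and certificate are throwaway test material. Extra openssl flags such as -noiter -nomaciter can be appended to make_p12; they reduce the password iteration count to 1, so the example does not pass them by default.

```shell
# Added example: PEM key + certificate -> PKCS12 -> read back and compare.
# File names follow the page; the key and certificate are constructed samples.
set -eu
umask 077   # key material must not be group/world readable

# Constructed sample input: a self-signed certificate for example.com.
make_sample_pem() {   # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.com" \
    -keyout "$1/mykey.pem.txt" -out "$1/mycertificate.pem.txt" 2>/dev/null
}

# Build the PKCS12 KeyStore from the key followed by the certificate.
# The password is read from $P12_PASS (assumed variable) so it never
# appears on a command line. Any further arguments go to openssl as-is.
make_p12() {          # $1 = working directory, $2 = alias, rest = extra flags
  dir="$1"; entry="$2"; shift 2
  cat "$dir/mykey.pem.txt" "$dir/mycertificate.pem.txt" \
    > "$dir/mykeycertificate.pem.txt"
  openssl pkcs12 -export -in "$dir/mykeycertificate.pem.txt" \
    -out "$dir/mykeystore.pkcs12" -name "$entry" -passout env:P12_PASS "$@"
  rm -f "$dir/mykeycertificate.pem.txt"   # do not leave a second copy of the key
}

# SHA-256 fingerprint of the PEM certificate read from stdin.
fp() { openssl x509 -noout -fingerprint -sha256; }

# Returns 0 only if the certificate stored in the PKCS12 file is the one
# that went in (and the password in $P12_PASS opens the file).
p12_matches_cert() {  # $1 = working directory
  want=$(fp < "$1/mycertificate.pem.txt") || return 1
  got=$(openssl pkcs12 -in "$1/mykeystore.pkcs12" -nokeys \
          -passin env:P12_PASS 2>/dev/null | fp 2>/dev/null) || return 1
  [ "$want" = "$got" ]
}
```

From the Java side, keytool -list -storetype PKCS12 -keystore mykeystore.pkcs12 shows the same entry under the chosen alias.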
Creating a TrustStore
For demonstration purposes, suppose you have the following CAs that you trust: firstCA.cert, secondCA.cert, thirdCA.cert, located in the directory C:\cascerts. You can create a new TrustStore consisting of these three trusted certificates.
To Create a New TrustStore