J2EE™ Developer's Guide
1. Generate a key pair and a self-signed certificate.

The keytool utility enables you to create the certificate. The keytool that ships with the J2EE SDK has the same syntax as the one shipped with the Java 2™ Standard Edition. However, the J2EE SDK version programmatically adds a Java™ Cryptographic Extension provider that has implementations of RSA algorithms. This provider enables you to import RSA signed certificates.

To generate the certificate you run

    keytool -genkey -keyalg RSA -alias <certificate-alias>

In the previous command, substitute <certificate-alias> with the alias of your certificate.

The keytool utility prompts you for the following information:

    keystore password - The default value of this password is changeit. You may change the password by editing the config/auth.properties file.
    first and last name - Enter the fully-qualified name of your server. (This fully-qualified name includes the host name and the domain name.)
    organizational unit - Enter the appropriate value.
    organization - Enter the appropriate value.
    city or locality - Enter the appropriate value.
    state or province - Enter the unabbreviated name.
    two-letter country code - For the USA, the two-letter country code is US.
    key password for alias - Do not enter a password. Press Return.

2. Import the certificate.

If your certificate will be signed by a Certification Authority (CA) other than Verisign, then you must import the CA certificate. Otherwise, you may skip this step. (Even if your certificate will be signed by Verisign Test CA, you must import it.) To import the certificate, perform these tasks:

a. Request the CA certificate from your CA. Store the certificate in a file.

b. To install the CA certificate in the Java 2 Standard Edition, run keytool as follows. (You must have the required permissions to modify the

    keytool -import -trustcacerts -alias <ca-cert-alias> -file <ca-cert-file-name>

3. Generate a Certificate Signing Request (CSR).

    keytool -certreq -sigalg MD5withRSA -alias <cert-alias> -file <csr-filename>

4. Send the contents of the

If you are using Verisign CA, go to http://digitalid.verisign.com/. Verisign will send the signed certificate in email. Store this certificate in a file.

5. Import the signed certificate that you received in email into the server.

    keytool -import -alias <cert-alias> -file <signed-cert-file>
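
Step 3 signs the request with -sigalg MD5withRSA, and MD5 is no longer collision-resistant, so a request produced this way is worth checking before it is sent to a CA. The following Python check is an added example, not part of the original guide: it reads a PEM request such as <csr-filename> and reports its signature algorithm. The function names, the acceptable/unacceptable flags and the constructed sample request are assumptions made for illustration.

```python
import base64

# PKCS #1 signature OIDs; the MD5- and SHA-1-based ones are collision-prone.
SIG_OIDS = {
    "1.2.840.113549.1.1.4": ("MD5withRSA", False),
    "1.2.840.113549.1.1.5": ("SHA1withRSA", False),
    "1.2.840.113549.1.1.11": ("SHA256withRSA", True),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for byte in body:  # base-128 digits; a set high bit means "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def csr_signature_algorithm(pem):
    """Return (oid, name, acceptable) for a PEM-encoded PKCS #10 request."""
    b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
    tag, request, _ = read_tlv(base64.b64decode(b64), 0)
    _, _, pos = read_tlv(request, 0)        # skip certificationRequestInfo
    _, alg_id, _ = read_tlv(request, pos)   # signatureAlgorithm
    oid_tag, oid_body, _ = read_tlv(alg_id, 0)
    if tag != 0x30 or oid_tag != 0x06 or not oid_body:
        raise ValueError("not a PKCS #10 certification request")
    oid = decode_oid(oid_body)
    return (oid,) + SIG_OIDS.get(oid, ("unknown", False))

def constructed_csr(last_arc):
    """Constructed sample (not keytool output): dummy request body and signature."""
    body = bytes.fromhex("3003020100300d06092a864886f70d0101%02x050003020000" % last_arc)
    b64 = base64.b64encode(bytes([0x30, len(body)]) + body).decode()
    return f"-----BEGIN NEW CERTIFICATE REQUEST-----\n{b64}\n-----END NEW CERTIFICATE REQUEST-----\n"
```

To check a real request, pass the text of the CSR file to csr_signature_algorithm; constructed_csr(4) stands in for a request signed with MD5withRSA and constructed_csr(11) for one signed with SHA256withRSA.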