Configuring Java CAPS for SSL Support

Creating the Keystore and Trust Store

The first task involves creating a keystore and a trust store on the computer where the Enterprise Manager server is installed.

For basic information about keystores and trust stores, see Secure Sockets Layer (SSL) Overview.

The examples in this topic show passwords being entered on the command line. You can omit the password options, in which case keytool prompts you to enter them.

Procedure: To Create the Keystore and Trust Store

  1. Go to the computer where the Enterprise Manager server is installed.

  2. If the Enterprise Manager server is running, shut it down.

  3. Set the path variable to include the Java™ Runtime Environment (JRE™) software used by the Enterprise Manager server. For example:


    set PATH="C:\Program Files\Java\jdk1.6.0_06\jre\bin";%PATH%
  4. Create a directory for the keystore and trust store. For example:


    C:\JavaCAPS6\keystore
  5. Navigate to the directory that you created, and use the keytool program to create a certificate in a new keystore.


    keytool -genkey -alias mykey -keyalg RSA -keypass changeit -keystore keystore.jks -storepass changeit

    When keytool prompts for your first and last name, enter the fully qualified computer name instead. This value becomes the certificate's common name (CN), as the confirmation line in the example shows. For example:


    What is your first and last name?
      [Unknown]:  example.company.com
    What is the name of your organizational unit?
      [Unknown]:  Development
    What is the name of your organization?
      [Unknown]:  Sun Microsystems
    What is the name of your City or Locality?
      [Unknown]:  Monrovia
    What is the name of your State or Province?
      [Unknown]:  California
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=example.company.com, OU=Development, O=Sun Microsystems, L=Monrovia, 
    ST=California, C=US correct?
      [no]:  yes
  6. Export the certificate to a file.


    keytool -export -alias mykey -file mykey.cer -keystore keystore.jks -storepass changeit

    The certificate is stored in the file that you specified.

  7. Import the certificate into a new trust store.


    keytool -import -v -trustcacerts -alias mykey -keypass changeit -file mykey.cer -keystore cacerts.jks -storepass changeit

    The trust store is created. The trust store includes the imported certificate.
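
A check you can run after step 7, as an added example that is not part of the original documentation: it confirms that keystore.jks holds a private key under mykey, that cacerts.jks holds the same certificate as a trusted entry, and that the CN and expiry are as expected. The class name VerifyStores is hypothetical; the file names and alias are the ones used in the procedure, and the code uses only Java 6 APIs to match the JRE shown in step 3.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example. Run in the keystore directory: java VerifyStores example.company.com
public class VerifyStores {
    static final String ALIAS = "mykey";   // alias used in the procedure
    static int failures = 0;

    static KeyStore load(String file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(file);
        // A wrong password or an altered store makes load() throw an IOException.
        try { ks.load(in, pass); } finally { in.close(); }
        return ks;
    }

    // Returns the CN attribute of the certificate's subject, or null if absent.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        }
        return null;
    }

    static void check(boolean ok, String what) {
        System.out.println((ok ? "OK    " : "FAIL  ") + what);
        if (!ok) failures++;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage (interactive): java VerifyStores <fully-qualified-host-name>");
            System.exit(2);
        }
        // Prompt for the password so it never appears on the command line.
        char[] pass = System.console().readPassword("Store password: ");
        KeyStore keys = load("keystore.jks", pass), trust = load("cacerts.jks", pass);
        X509Certificate own = (X509Certificate) keys.getCertificate(ALIAS);
        check(keys.isKeyEntry(ALIAS), "keystore.jks has a private key entry: " + ALIAS);
        check(trust.isCertificateEntry(ALIAS), "cacerts.jks has a trusted certificate entry: " + ALIAS);
        check(own != null && own.equals(trust.getCertificate(ALIAS)), "both stores hold the same certificate");
        check(own != null && args[0].equalsIgnoreCase(commonName(own)), "certificate CN is " + args[0]);
        check(own != null && own.getNotAfter().after(new Date()), "certificate has not expired");
        System.exit(failures == 0 ? 0 : 1);
    }
}
```

The program exits with a nonzero status if any check fails. keytool issues certificates valid for 90 days when -validity is not given, so the expiry check is worth repeating before that period ends.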