Creating Keystore and Certificate Signing Request

This procedure describes the steps to create a keystore and Certificate Signing Request (CSR).

  1. Log in to the application VM of IDIH using SSH.
  2. Run the following command to change the user to tekelec:
    sudo su - tekelec
  3. Run the following command to change the directory to the WebLogic domain (nsp):
    cd /usr/TKLC/xIH/bea/user_projects/domains/tekelec/nsp
  4. Run the following commands to take a backup of the existing key and trust stores:
    cp idih.jks idih_bkp.jks
    cp idih-trust.jks idih-trust-bkp.jks
  5. Run the following command to create a keystore and a private key using the genkeypair or genkey command:
    keytool -genkeypair -alias <alias_name> -keyalg RSA -keysize 1024 -dname "CN=<ServerName>, OU=GTI, O=<CompanyName>, L=<City>, ST=<State>, C=<Country>" -keypass <key_password> -keystore <server_keystore>.jks -storepass <store_password>
    Where,
    • <alias_name> indicates the alias for the keystore.
    • <ServerName> indicates the server name.
    • <CompanyName> indicates your company name.
    • <City> indicates your city name.
    • <State> indicates your state name.
    • <Country> indicates your country name.
    • <key_password> indicates the password.
    • <server_keystore> indicates the keystore name.
    • <store_password> indicates the store password.

    In the above command, the Common Name (CN) can be a domain name, DNS name, machine name, or any other name. The CN must match your machine name or hostname so that hostname verification can complete.

    The system generates a private and public key pair.

  6. To create a Certificate Signing Request (CSR), run the following command:
    keytool -certreq -v -alias <alias_name> -file <csr-for-myserver>.pem -keypass <key_password> -storepass <store_password> -keystore <server_keystore>.jks
    Where,
    • <alias_name> indicates the alias that was used during the creation of keystore.
    • <csr-for-myserver> indicates a file name for the CSR file.
    • <key_password> indicates the keystore password that was provided during the keystore creation.
    • <store_password> indicates the store password that was provided during the keystore creation.
    • <server_keystore> indicates the JKS file name that was generated during the keystore creation.

    The system creates the <csr-for-myserver>.pem file. The file is sent to a Certificate Authority (CA) to create a signed public key certificate.
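
Before the CSR goes to the CA, it is worth confirming that its subject CN is the hostname clients will verify and that no `<...>` placeholder from step 5 was typed literally. The following check is an added example, not part of the original procedure. It assumes the report printed by `keytool -printcertreq -file <csr-for-myserver>.pem` contains a `Subject:` line; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original procedure): check a CSR's subject CN.
# Input on stdin: the text printed by
#   keytool -printcertreq -file <csr-for-myserver>.pem
# Assumption: the report has a "Subject: CN=..., OU=..., ..." line.

# Constructed sample report, used only for the demonstration at the bottom.
SAMPLE_REPORT='PKCS #10 Certificate Request (Version 1.0)
Subject: CN=idih-app.example.com, OU=GTI, O=Example Corp, L=Austin, ST=Texas, C=US
Signature algorithm: SHA256withRSA'

# csr_cn: print the CN attribute of the first "Subject:" line read from stdin.
# Limitation: a CN containing an escaped comma is not handled; hostnames never do.
csr_cn() {
    sed -n 's/^[[:space:]]*Subject:[[:space:]]*//p' | head -n 1 |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*[Cc][Nn]=[[:space:]]*//p' | head -n 1 |
        sed 's/[[:space:]]*$//'
}

# check_csr_cn EXPECTED_HOST: read the report on stdin and compare its CN with
# EXPECTED_HOST, ignoring case (DNS names are case-insensitive).
# Returns 0 = match, 1 = mismatch, 2 = no CN found, 3 = placeholder left in CN.
check_csr_cn() {
    expected=$1
    cn=$(csr_cn)
    if [ -z "$cn" ]; then
        echo "ERROR: no CN found in the CSR subject" >&2
        return 2
    fi
    case $cn in
        *'<'*|*'>'*)
            echo "ERROR: CN still contains a placeholder: $cn" >&2
            return 3 ;;
    esac
    cn_lc=$(printf '%s' "$cn" | tr '[:upper:]' '[:lower:]')
    exp_lc=$(printf '%s' "$expected" | tr '[:upper:]' '[:lower:]')
    if [ "$cn_lc" = "$exp_lc" ]; then
        echo "OK: CN=$cn matches $expected"
        return 0
    fi
    echo "MISMATCH: CSR has CN=$cn but the expected hostname is $expected" >&2
    return 1
}

# Demonstration on the constructed sample; on the application VM, pipe the
# real keytool report in and pass "$(hostname -f)" or the name clients use.
printf '%s\n' "$SAMPLE_REPORT" | check_csr_cn idih-app.example.com
```

A non-zero return means the CSR should be regenerated from step 5 with the corrected `-dname` value instead of being submitted.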