The keystores (store.keys and store.trust) that are automatically generated by makebootconfig or securityconfig can also be manually created using the following keytool commands:
To generate the keypair, use the keytool -genkeypair command:
keytool -genkeypair \
    -keystore store.keys \
    -storepass <passwd> \
    -keypass <passwd> \
    -alias shared \
    -dname "CN=NoSQL" \
    -keyAlg RSA \
    -keysize 1024 \
    -validity 365
To export the keypair, use the keytool -export command:
keytool -export \
    -file <temp file> \
    -keystore store.keys \
    -storepass <passwd> \
    -alias shared
To import the keypair, use the keytool -import command:
keytool -import \
    -file <temp file> \
    -keystore store.trust \
    -storepass <passwd> \
    -noprompt
You can also use the keytool commands described above to manually generate other keystore and truststore keys and substitute them for the ones that Oracle NoSQL Database generates, provided you adhere to the following rules:
The store.keys file should have a key pair with the alias "shared".
The store.keys store password (-storepass) must match the key password (-keypass).
If a subject distinguished name other than CN=NoSQL is chosen for the self-signed certificate, then you must specify the following options to the makebootconfig or securityconfig command:
-param "ha:serverIdentityAllowed=dnmatch(SOMEDN)"
-param "ha:clientIdentityAllowed=dnmatch(SOMEDN)"
-param "internal:serverIdentityAllowed=dnmatch(SOMEDN)"
-param "internal:clientIdentityAllowed=dnmatch(SOMEDN)"
-param "client:serverIdentityAllowed=dnmatch(SOMEDN)"
where SOMEDN is the distinguished name (-dname) chosen.
The store password for store.trust should match the store password for store.keys.
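These rules can be checked mechanically before substituted keystores are handed to makebootconfig or securityconfig. The script below is an added example, not part of the Oracle NoSQL Database documentation; the function names dn_params and check_keystores and the script name check.sh are hypothetical, and it assumes keytool is on the PATH.

```sh
#!/bin/sh
# Added example (not Oracle's code); function names are hypothetical.

# Print the five -param options the page requires when the certificate
# subject is not CN=NoSQL. $1 is the DN that was given to keytool -dname.
dn_params() {
    for p in ha:serverIdentityAllowed ha:clientIdentityAllowed \
             internal:serverIdentityAllowed internal:clientIdentityAllowed \
             client:serverIdentityAllowed; do
        printf '%s "%s=dnmatch(%s)"\n' -param "$p" "$1"
    done
}

# Check store.keys and store.trust in directory $1 against the rules above,
# using store password $2. Prints each violated rule; returns 1 if any.
check_keystores() {
    ks="$1/store.keys"; ts="$1/store.trust"; pass=$2; rc=0
    # Rule: store.keys holds a key pair under the alias "shared".
    keytool -list -keystore "$ks" -storepass "$pass" -alias shared 2>/dev/null \
        | grep -q PrivateKeyEntry \
        || { echo "store.keys: no key pair under alias shared (or wrong store password)"; rc=1; }
    # Rule: key password equals store password. -certreq has to unlock the
    # private key; without -keypass keytool tries the store password, and
    # with stdin at /dev/null it cannot prompt for a different one.
    keytool -certreq -keystore "$ks" -storepass "$pass" -alias shared \
        </dev/null >/dev/null 2>&1 \
        || { echo "store.keys: key password differs from store password"; rc=1; }
    # Rule: store.trust opens with the same store password as store.keys.
    keytool -list -keystore "$ts" -storepass "$pass" >/dev/null 2>&1 \
        || { echo "store.trust: store password differs from store.keys"; rc=1; }
    return "$rc"
}

# Usage: sh check.sh <security-dir> <store-password> [<custom DN>]
if [ "$#" -ge 2 ]; then
    check_keystores "$1" "$2"
    if [ -n "${3:-}" ]; then dn_params "$3"; fi
fi
```

The optional third argument prints the -param options to pass to makebootconfig or securityconfig for a custom distinguished name.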