Create Public and Private Key Pair

3.3.1 Create Public and Private Key Pair

User needs to create the public and private key pair using the command to obtain the identity store.

Browse to the bin folder of JRE from the command prompt and type the following command:

Note:

The items highlighted in bold are placeholders and should be replaced with suitable values when running the command.

keytool -genkeypair -alias alias -keyalg keyalg -keysize keysize - sigalg sigalg -validity valDays -keystore keystore

In the above command,

Table 3-2 Description of Placeholders

Placeholder	Description
`alias`	`alias` is used to identify the public and private key pair created. This alias is required later when configuring the SSL attributes for the managed servers in Oracle Weblogic Server.
`keyalg`	`keyalg` is the key algorithm used to generate the public and private key pair. The RSA key algorithm is recommended.
`keysize`	`keysize` is the size of the public and private key pairs generated. A key size of 1024 or more is recommended. Consult with the CA on the key size support for different types of certificates.
`sigalg`	`sigalg` is the algorithm used to generate the signature. This algorithm should be compatible with the key algorithm and should be one of the values specified in the Java Cryptography API Specification and Reference.
`valdays`	`valdays` is the number of days for which the certificate is to be considered valid. Consult with the CA on this period.
`keystore`	`keystore` is used to specify the location of the JKS file. If no JKS file is present in the path provided, a JKS file will be created.

The command will prompt for the following attributes of the certificate and keystore:

Table 3-3 Description of Attributes

Attribute	Description
Keystore Password	Specify a password that will be used to access the keystore. This password needs to be specified later when configuring the identity store in the Oracle Weblogic Server.
Key Password	Specify a password that will be used to access the private key stored in the keystore. This password needs to be specified later when configuring the SSL attributes of the managed server(s) in the Oracle Weblogic Server.
First and Last Name (CN)	Specify the domain name of the machine used to access Oracle Banking Branch. For example, www.example.com
Name of your Organizational Unit	Specify the name of the department or unit making the request. For example, BPD. Use this field to further identify the SSL Certificate user are creating, for example, by department or by the physical server.
Name of your Organization	Specify the name of the organization making the certificate request. For example, Oracle Financial Services Software Limited. It is recommended to use the company or organization's formal name, and this name entered here must match the name found in official records.
Name of your City or Locality	Specify the city in which the organization is physically located. For example, Mumbai.
Name of your State or Province	Specify the state or province in which the organization is physically located. For example, Maharashtra.
Two-letter Country Code for this Unit	Specify the country in which the organization is physically located. For example, US, UK, IN, and so on.

For example:

The result of a sample execution of the command is listed below:

D:\Oracle\weblogic11g\jrockit_160_05_R27.6.2-20\bin>keytool - genkeypair -alias cvrhp0729 -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -validity 365 -keystore D:\keystores\AdminOBREMOKeyStore.jks

Enter keystore password:<Enter a password to protect the keystore>

Re-enter new password:<Confirm the password keyed above>

What is your first and last name?

[Unknown]: cvrhp0729.oracle.com

What is the name of your organizational unit?

[Unknown]: BPD

What is the name of your organization?

[Unknown]: Oracle Financial Services Software Limited

What is the name of your City or Locality?

[Unknown]: Mumbai

What is the name of your State or Province?

[Unknown]: Maharashtra

What is the two-letter country code for this unit?

[Unknown]: IN Is CN=cvrhp0729.oracle.com, OU=BPD, O=Oracle Financial Services, L=Mumbai, ST=Maharashtra, C=IN correct?

[no]: yes

Enter key password for <cvrhp0729>

(RETURN if same as keystore password):<Enter a password to protect the key>

Re-enter new password:<Confirm the password keyed above>

Parent topic: Creating Identity Store with Trusted Certificates Issued by CA