Notice: This Wiki is now read only and edits are no longer possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Generating a Private Key and a Keystore"
| Line 25: | Line 25: | ||
keytool -printcert -v -file signed-cert.pem | keytool -printcert -v -file signed-cert.pem | ||
| − | 5. | + | 5. Download Root certificate from CA. |
Revision as of 11:06, 21 November 2007
1. To generate a keystore, you need a JDK installed with its /bin directory in your path
2. Create a keystore using this command:
keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.jks
keytool will ask you to enter the values for Common Name (CN), Organizational Unit (OU), Oranization(O), Locality (L), State (S) and Country (C). CN should match the domain name of your webapp if you are planning to use this keystore for your servlet container
You can verify keystore contents using this command:
keytool -list -v -keystore keystore.jks
3. Generate the Certificate Signing Request (CSR) using this command:
keytool -certreq -v -alias tomcat -file csr-for-myserver.pem -keystore keystore.jks
Submit contents of csr-for-myserver.pem file to your CA for signing
You can get a trial certificate from Thawte at https://www.thawte.com/cgi/server/try.exe
4. Save the signed certificate from CA to a file signed-cert.pem
You can see the contents of the signed certificate using this command:
keytool -printcert -v -file signed-cert.pem
5. Download Root certificate from CA.