...
In this example we are generating a key called <your_cert_alias> and storing it in a brand new keystore called mywebservices.bin.
Code Block | ||
---|---|---|
| ||
su - serveradmin cd /opt/jre1.6.0_12/bin/ # Create a local Certificate keytool -genkey -alias <your_cert_alias> -keyalg RSA -keystore mywebservices.bin |
...
As a result, a brand new keystore file is generated. You can confirm this,
Code Block | ||
---|---|---|
| ||
keytool -keystore mywebservices.bin -list Enter keystore password: ****** Keystore type: jks Keystore provider: SUN Your keystore contains 1 entry mywebservices, Oct 8, 2009, keyEntry, Certificate fingerprint (MD5): 02:70:28:DE:A6:BC:0B:5E:3C:FB:BF:B3:68:8F:0F:32 |
...
In this step we generate the request for the SSL certificate.
Code Block | ||
---|---|---|
| ||
# Generate the CSR (Certificate Service Request) keytool -certreq -keyalg RSA -alias mywebservices -file mywebservices.csr -keystore mywebservices.bin # It is important that the cert files be in the webapps directory mv mywebservices.* /opt/apache-tomcat-6.0.18/webapps/ |
...
Take a look inside your keystore and you should see the newly added certs with their unique alias.
Code Block | ||
---|---|---|
| ||
eytool -keystore mywebservices.bin -list entrust-l1b, Oct 9, 2009, trustedCertEntry, Certificate fingerprint (MD5): C2:DF:86:BD:E4:8B:FF:26:4D:AE:6A:26:1D:7A:70:D9 entrust-2048-root, Oct 9, 2009, trustedCertEntry, Certificate fingerprint (MD5): CC:23:87:09:9B:09:3A:6F:5E:62:EB:F4:73:54:E9:28 pkiwebservices, Oct 8, 2009, keyEntry, Certificate fingerprint (MD5): 02:70:28:DE:A6:BC:0B:5E:3C:FB:BF:B3:68:8F:0F:32 |
...
Finally you can import your new Certificate making sure to use the same alias on the initial generation, pkiwebservices as you are replacing the self-signed cert already in the keystore.
Code Block | ||
---|---|---|
| ||
keytool -import -alias mywebservices -keystore mywebservices.bin -trustcacerts -file <filename_of_the_chain_certificate> Certificate reply was installed in keystore # This is the expected response |
...