Chapter 4

Section 4.2

Operating SSL

KeyStores and TrustStores

signing request (CSR). The CA is therefore trusted by the server-side application to which the eWay is connected.

Note: It is recommended to use the default KeyStore <c:\JavaCAPS>\logicalhost\is\domains\<MyDomain>\config\keystore.jks where <c:\JavaCAPS> is the directory where the Sun Java Composite Application Platform Suite is installed and <MyDomain> is the name of your domain.

To generate a KeyStore

Use the following command:

keytool -keystore clientkeystore -genkey -alias client

You are prompted for several pieces of information required to generate a CSR. A sample key generation section follows:

Enter keystore password: seebyond

What is your first and last name? [Unknown]: development.seebeyond.com

What is the name of your organizational unit? [Unknown]: Development

What is the name of your organization? [Unknown]: SeeBeyond

What is the name of your City or Locality? [Unknown]: Monrovia

What is the name of your State or Province? [Unknown]: California

What is the two-letter country code for this unit? [Unknown]: US

Is <CN=Foo Bar, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US> correct?

[no]: yes

Enter key password for <client>

(RETURN if same as keystore password):

If the KeyStore password is specified, then the password must be provided for the eWay. Press RETURN when prompted for the key password (this action makes the key password the same as the KeyStore password).

This operation creates a KeyStore file named clientkeystore in the current working directory. You must specify a fully qualified domain name for the “first and last name” question, because some CAs, such as Verisign, expect this property to be a fully qualified domain name.

There are CAs that do not require the fully qualified domain name, but it is recommended to use it for the sake of portability. All the other information given must be valid. If the information cannot be validated, a CA such as Verisign does not sign a generated CSR for this entry.

This KeyStore contains an entry with an alias of client. This entry consists of the generated private key and the information needed for generating a CSR, as follows:

keytool -keystore clientkeystore -certreq -alias client -keyalg rsa -file client.csr
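The two steps above can also be run without the interactive prompts. The script below is an added example, not part of the original guide: it rejects a "first and last name" value that is not a fully qualified domain name before any key is generated, and it reads the KeyStore password from the environment so that it does not appear on the command line. The function names, the STOREPASS variable, the --run switch and the 2048-bit RSA key are assumptions made for this example.

```shell
#!/bin/sh
# Added example: non-interactive form of the KeyStore and CSR steps.
# Assumed names: is_fqdn, build_dname, make_csr, STOREPASS, --run.

# Succeeds only if $1 looks like a fully qualified domain name
# (dot-separated labels ending in an alphabetic top-level label).
is_fqdn() {
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

# Prints the distinguished name for keytool -dname; fails if the CN is
# not an FQDN. Field values containing commas are not handled here.
# usage: build_dname <CN> <OU> <O> <L> <ST> <C>
build_dname() {
  is_fqdn "$1" || { echo "CN is not a fully qualified domain name: $1" >&2; return 1; }
  printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s' "$1" "$2" "$3" "$4" "$5" "$6"
}

# Generates the key pair, writes the CSR, then prints the CSR so the
# subject can be checked before it is sent to the CA.
# usage: make_csr <keystore> <alias> <dname> <csr-file>
make_csr() {
  # The same password is used for the key and the KeyStore, as in the
  # prompt walkthrough above. keytool requires at least 6 characters.
  keytool -genkey -keystore "$1" -alias "$2" -keyalg RSA -keysize 2048 \
          -dname "$3" -storepass:env STOREPASS -keypass:env STOREPASS &&
  keytool -certreq -keystore "$1" -alias "$2" -file "$4" \
          -storepass:env STOREPASS &&
  keytool -printcertreq -file "$4"
}

# Runs only when called as: STOREPASS=<password> sh make-csr.sh --run
if [ "${1:-}" = "--run" ]; then
  dname=$(build_dname development.seebeyond.com Development SeeBeyond \
                      Monrovia California US) &&
  make_csr clientkeystore client "$dname" client.csr
fi
```

The -storepass:env and -printcertreq options require Java 7 or later.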

HTTPS eWay Adapter User’s Guide


Sun Microsystems, Inc.

Sun Microsystems 5.1.1 manual To generate a KeyStore