Sun Microsystems 820433510 manual Generating a Certificate Using thekeytool Utility

Using Java Secure Socket Extension (JSSE) Tools

keytool -delete -noprompt -alias ${cert.alias} -keystore ${keystore.file} -storepass ${keystore.pass}

Another example of deleting a certificate from a keystore is shown in “Deleting a Certificate Using the keytool Utility” on page 115

Generating a Certificate Using thekeytool Utility

Use keytool to generate, import, and export certificates. By default, keytool creates a keystore file in the directory where it is run.

1.Change to the directory where the certificate is to be run.

Always generate the certificate in the directory containing the keystore and truststore files, by default domain-dir/config. For information on changing the location of these files, see “Changing the Location of Certificate Files” on page 112.

2.Enter the following keytool command to generate the certificate in the keystore file, keystore.jks:

keytool -genkey -alias keyAlias-keyalg RSA -keypass changeit

-storepass changeit -keystore keystore.jks

Use any unique name as your keyAlias. If you have changed the keystore or private key password from their default, then substitute the new password for changeit in the above command. The default key password alias is “s1as.”

A prompt appears that asks for your name, organization, and other information that keytool uses to generate the certificate.

3.Enter the following keytool command to export the generated certificate to the file server.cer (or client.cer if you prefer):

keytool -export -alias keyAlias-storepass changeit -file server.cer

-keystore keystore.jks

4.If a certificate signed by a certificate authority is required, see“Signing a Digital Certificate Using the keytool Utility” on page 115.

5.To create the truststore filecacerts.jks and add the certificate to the truststore, enter the following keytool command:

keytool -import -v -trustcacerts -alias keyAlias

-file server.cer -keystore cacerts.jks

-keypass changeit