Sun Microsystems 820433510 manual Deleting a Certificate Using thekeytool Utility

Using Java Secure Socket Extension (JSSE) Tools

6.If you have changed the keystore or private key password from their default, then substitute the new password for changeit in the above command.

The tool displays information about the certificate and prompts whether you want to trust the certificate.

7.Type yes, then press Enter.

Then keytool displays something like this:

Certificate was added to keystore [Saving cacerts.jks]

8.Restart the Enterprise Server.

Signing a Digital Certificate Using thekeytool Utility

After creating a digital certificate, the owner must sign it to prevent forgery. E-commerce sites, or those for which authentication of identity is important can purchase a certificate from a well-known Certificate Authority (CA). If authentication is not a concern, for example if private secure communications is all that is required, save the time and expense involved in obtaining a CA certificate and use a self-signed certificate.

1.Follow the instructions on the CA's Web site for generating certificate key pairs.

2.Download the generated certificate key pair.

Save the certificate in the directory containing the keystore and truststore files, by default domain-dir/config directory. See “Changing the Location of Certificate Files” on page 112.

3.In your shell, change to the directory containing the certificate.

4.Use keytool to import the certificate into the local keystore and, if necessary, the local truststore.

keytool -import -v -trustcacerts -alias keyAlias

-file server.cer -keystore cacerts.jks

-keypass changeit

-storepass changeit

If the keystore or private key password is not the default password, then substitute the new password for changeit in the above command.

5.Restart the Enterprise Server.

Deleting a Certificate Using thekeytool Utility

To delete an existing certificate, use the keytool -delete command, for example: