6. If you have changed the keystore or private key password from their default, then substitute
the new password for changeit in the above command.
The tool displays information about the certificate and prompts whether you want to trust
the certificate.
7. Type yes, then press Enter.
Then keytool displays something like this:
Certificate was added to keystore
[Saving cacerts.jks]
8. Restart the Enterprise Server.
Signing a Digital Certificate Using the keytool Utility
After creating a digital certificate, the owner must sign it to prevent forgery. E-commerce sites,
or those for which authentication of identity is important, can purchase a certificate from a
well-known Certificate Authority (CA). If authentication is not a concern, for example if private
secure communications is all that is required, save the time and expense involved in obtaining a
CA certificate and use a self-signed certificate.
1. Follow the instructions on the CA's Web site for generating certificate key pairs.
2. Download the generated certificate key pair.
Save the certificate in the directory containing the keystore and truststore files, by default
domain-dir/config directory. See “Changing the Location of Certificate Files” on page 112.
3. In your shell, change to the directory containing the certificate.
4. Use keytool to import the certificate into the local keystore and, if necessary, the local
truststore.
keytool -import -v -trustcacerts \
  -alias keyAlias \
  -file server.cer \
  -keystore cacerts.jks \
  -keypass changeit \
  -storepass changeit
If the keystore or private key password is not the default password, then substitute the new
password for changeit in the above command.
5. Restart the Enterprise Server.
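An added example, not part of the original guide: before answering yes at the keytool trust prompt or importing server.cer, compare the certificate's fingerprint with a value obtained from the certificate owner through a separate channel. The function names and the sample bytes are constructed for illustration; keytool prints fingerprints as colon-separated hex, which is the format produced here.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in for a certificate's DER bytes (not a real certificate).
DER_SAMPLE = b"\x30\x82\x01\x00" + bytes(range(256))
PEM_SAMPLE = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(DER_SAMPLE)
              + b"-----END CERTIFICATE-----\n")


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of a .cer file that is either PEM or raw DER."""
    m = PEM_RE.search(data)
    if m is None:
        return data
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Digest of the DER encoding as uppercase hex pairs joined by ':'."""
    digest = hashlib.new(algo, cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop colons and whitespace so pasted fingerprints compare equal."""
    return re.sub(r"[\s:]", "", fp).upper()


def matches(data: bytes, expected: str, algo: str = "sha256") -> bool:
    """True only if the full-length expected fingerprint equals the file's."""
    exp = normalize(expected)
    if not re.fullmatch(r"[0-9A-F]+", exp):
        return False
    if len(exp) != hashlib.new(algo).digest_size * 2:
        return False  # truncated value or a different digest algorithm
    actual = normalize(fingerprint(data, algo))
    return hmac.compare_digest(actual, exp)


if __name__ == "__main__":
    print(fingerprint(PEM_SAMPLE))
```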
Deleting a Certificate Using the keytool Utility
To delete an existing certificate, use the keytool -delete command, for example:
Using Java Secure Socket Extension (JSSE) Tools
Chapter 9 • Configuring Security 115