After generating the CA, the next step is to generate a key pair for the server/service.
Run the following command:
$ keytool -genkey -alias server -keyalg RSA -keystore ./Server.jks -storetype PKCS12
alias = name of the key, for example, server
keystore = name of the keystore, for example, server.jks
Note! When prompted for first and last name, the hostname where the certificate is valid should be entered, for example, localhost. Other values can be anything.
Generate a Certificate Signing Request (CSR) so that we can get the server's certificate signed using a CA.
$ keytool -certreq -alias server -keystore Server.jks -file Server.csr
Get the certificate signed by our CA, Test CA in this example. See 9.82.2.41 Setting Up a Certificate Authority on how to set up a CA.
$ openssl x509 -CA caroot.cer -CAkey cakey.pem -CAserial serial.txt -req -in Server.csr -out Server.cer -days 365
Note! CA, CAkey and CAserial are files generated when setting up the CA.
Import the Test CA root self-signed certificate into the server keystore as a trusted certificate.
$ keytool -import -alias TestCA -file caroot.cer -keystore Server.jks
Import the server's certificate signed by Test CA into the server keystore, using the same alias name that was used to generate the key pair during genkey.
$ keytool -import -alias server -file Server.cer -keystore Server.jks
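
A check that can be run between the signing step and the final import, given here as an added example and not part of the original procedure: it confirms that Server.cer chains to caroot.cer and carries the public key from Server.csr. The helpers check_reply and make_demo_files are hypothetical, and the demo builds constructed throwaway keys with openssl in place of keytool so that it runs without a JDK.

```shell
#!/bin/sh
# Added example. File names follow the page; check_reply and make_demo_files
# are hypothetical helpers, and all keys and certificates are constructed.

# check_reply CA_CERT CSR CERT
# Returns 0 if CERT chains to CA_CERT and carries the CSR's public key,
# 1 if the chain does not verify, 2 if the public key differs.
check_reply() {
    ca=$1; csr=$2; cert=$3
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    csr_pub=$(openssl req -in "$csr" -noout -pubkey)
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$crt_pub" ] ||
        { echo "pubkey: FAIL"; return 2; }
    echo "OK"
}

# Build a throwaway Test CA, a CSR and a signed certificate in directory $1.
# openssl stands in for keytool -genkey/-certreq so the demo needs no JDK.
make_demo_files() {
    d=$1
    openssl req -x509 -new -newkey rsa:2048 -nodes -subj "/CN=Test CA" -days 1 \
        -keyout "$d/cakey.pem" -out "$d/caroot.cer" 2>/dev/null
    echo 01 > "$d/serial.txt"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/server.key" -out "$d/Server.csr" 2>/dev/null
    # Signing command as given on the page.
    openssl x509 -CA "$d/caroot.cer" -CAkey "$d/cakey.pem" \
        -CAserial "$d/serial.txt" -req -in "$d/Server.csr" \
        -out "$d/Server.cer" -days 365 2>/dev/null
    # Negative cases: a CSR for a different key, and a certificate that the
    # Test CA never signed.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$d/other.key" -out "$d/Other.csr" 2>/dev/null
    openssl req -x509 -new -key "$d/other.key" -subj "/CN=localhost" -days 1 \
        -out "$d/rogue.cer" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_files "$demo"
check_reply "$demo/caroot.cer" "$demo/Server.csr" "$demo/Server.cer"
check_reply "$demo/caroot.cer" "$demo/Other.csr" "$demo/Server.cer" || true
check_reply "$demo/caroot.cer" "$demo/Other.csr" "$demo/rogue.cer" || true
rm -rf "$demo"
```

With the real files from the steps above, the call is check_reply caroot.cer Server.csr Server.cer, run before the final keytool -import.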