Generating a Server Certificate

Use keytool to generate, import, and export certificates. By default, keytool creates a keystore file in the directory where it is run.

To generate a server certificate:

  1. Change to the directory where the server certificate is to be run.

     Always generate the certificate in the directory containing the server’s keystore and trust-store files, by default install_dir/domains/domain_name/config. For information on changing the location of these files, see "Changing the Location of Certificate Files".

  2. Enter the following keytool command to generate the server certificate in the keystore file, keystore.jks:

    keytool -genkey -alias keyAlias \
      -keyalg RSA \
      -keypass changeit \
      -storepass changeit \
      -keystore keystore.jks

  3. Enter the following keytool command to export the generated server certificate to the file server.cer:

    keytool -export -alias keyAlias \
      -storepass changeit \
      -file server.cer \
      -keystore keystore.jks

  4. If a certificate signed by a certificate authority is required, see "Signing a Digital Certificate" for more information.

  5. To create the trust-store file cacerts.jks and add the server certificate to the trust-store, enter the following keytool command:

    keytool -import -v -trustcacerts \
      -alias keyAlias \
      -file server.cer \
      -keystore cacerts.jks \
      -keypass changeit

  6. Type yes, then press Enter. Then keytool displays something like this:

    Certificate was added to keystore
    [Saving cacerts.jks]

  7. Restart the Application Server.
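
A check that can follow the import step, added here as an example and not part of the original documentation: it compares the SHA-256 fingerprint of the exported server.cer with the fingerprint keytool reports for the same alias in cacerts.jks. The function names are hypothetical; it assumes sha256sum is installed and that the trust-store password is supplied in the environment variable STOREPASS.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the certificate in
# the trust store is the one exported to server.cer.

# Print the SHA-256 fingerprint of a DER-encoded certificate file in keytool's
# AA:BB:CC form. keytool -export writes DER unless -rfc is given.
der_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Read `keytool -list -v` output on stdin and print the first SHA256 fingerprint.
listed_fingerprint() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p' |
        head -n 1 | tr 'a-f' 'A-F'
}

# Compare a certificate file ($1) with a keytool listing read from stdin.
# Returns 0 on match, 1 on mismatch, 2 if the file cannot be read.
fingerprints_match() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    want=$(der_fingerprint "$1")
    got=$(listed_fingerprint)
    if [ -n "$got" ] && [ "$want" = "$got" ]; then
        echo "match: $want"
    else
        echo "MISMATCH: file=$want store=${got:-none}" >&2
        return 1
    fi
}

# verify_truststore CERT_FILE TRUSTSTORE ALIAS
# The password is read from $STOREPASS so it does not appear in the process list.
verify_truststore() {
    keytool -list -v -alias "$3" -keystore "$2" -storepass:env STOREPASS |
        fingerprints_match "$1"
}

# Example: STOREPASS=... sh verify.sh server.cer cacerts.jks keyAlias
if [ "$#" -eq 3 ]; then
    verify_truststore "$@"
fi
```

A mismatch or an empty store fingerprint means the alias in cacerts.jks does not hold the certificate that was exported, so the import should be repeated before the server is restarted.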

For complete information about using keytool, see the keytool documentation at:

http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html
