You can use keytool to generate, import, and export certificates. By default, keytool creates a keystore file in the directory where you run it.
To generate a server certificate:
Always generate the certificate in the directory containing the server’s keystore and trust-store files, by default install_dir/domains/domain_name/config. For information on changing the location of these files, see Changing the Location of Certificate Files.
Enter the following keytool command to generate the server certificate in the keystore file, keystore.jks:
keytool -genkey -alias keyAlias \
    -keyalg RSA \
    -keypass changeit \
    -storepass changeit \
    -keystore keystore.jks
Use any unique name as your keyAlias. If you have changed the keystore or private key password from their default, then substitute the new password for “changeit” in the above command.
You will be prompted for your name, organization, and other information that keytool uses to generate the certificate.
Enter the following keytool command to export the generated server certificate to the file server.cer:
keytool -export -alias keyAlias \
    -storepass changeit \
    -file server.cer \
    -keystore keystore.jks
To add the server certificate to the trust-store file cacerts.jks, enter the following keytool command:
keytool -import -v -trustcacerts \
    -alias server-alias \
    -file server.cer \
    -keystore cacerts.jks \
    -keypass changeit
If you have changed the keystore or private key password from their default, then substitute the new password for “changeit” in the above command.
The tool displays information about the certificate and prompts whether you want to trust the certificate.
Type yes, then press Enter.
Then keytool displays something like this:
Certificate was added to keystore
[Saving cacerts.jks]
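The procedure above as a non-interactive script, added here as an example and not part of the original documentation. The -dname value, -keysize 2048, -noprompt and the function names are assumptions of this example; it imports server.cer only after confirming that its SHA-256 fingerprint equals that of the keystore entry, the comparison an operator would otherwise make by eye at the trust prompt.

```shell
#!/bin/sh
# Added example. File names, aliases and the "changeit" password follow the
# page; the -dname value and the function names are assumptions.

# Print the SHA-256 fingerprint line of a certificate file: cert_fp FILE
cert_fp() {
    keytool -printcert -file "$1" | grep -E 'SHA-?256:' | tr -d ' \t'
}

# Print the SHA-256 fingerprint of a keystore entry: entry_fp STORE ALIAS
entry_fp() {
    keytool -list -v -keystore "$1" -alias "$2" -storepass changeit |
        grep -E 'SHA-?256:' | tr -d ' \t'
}

# Succeed only if FILE and the entry ALIAS in STORE are the same certificate.
fp_matches() {
    want=$(entry_fp "$2" "$3") || return 1
    have=$(cert_fp "$1") || return 1
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Generate, export, verify, then import. Run it in the directory that holds
# the keystore and trust-store files.
make_and_trust() {
    # -dname answers the name/organization prompts up front.
    keytool -genkey -alias keyAlias -keyalg RSA -keysize 2048 \
        -dname "CN=server.example.com, O=Example, C=US" \
        -keypass changeit -storepass changeit \
        -keystore keystore.jks || return 1
    keytool -export -alias keyAlias -storepass changeit \
        -file server.cer -keystore keystore.jks || return 1
    # Refuse to trust a file that is not the certificate just generated.
    if ! fp_matches server.cer keystore.jks keyAlias; then
        echo "fingerprint mismatch, not importing server.cer" >&2
        return 2
    fi
    # -noprompt skips the yes/no question, so the check above replaces it.
    keytool -import -noprompt -trustcacerts -alias server-alias \
        -file server.cer -keystore cacerts.jks -storepass changeit
}

# Run the whole procedure only when invoked as: sh script.sh demo
if [ "${1:-}" = "demo" ]; then make_and_trust; fi
```

When server.cer arrives from another machine, compare cert_fp server.cer with a fingerprint obtained over a separate channel before importing.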
For complete information about using keytool, see the keytool documentation at:
http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html