Generating a Server Certificate

You can use keytool to generate, import, and export certificates. By default, keytool creates a keystore file in the directory where you run it.

To generate a server certificate:

  1. Change to the directory in which you want to generate the server certificate.

     Always generate the certificate in the directory containing the server’s keystore and trust-store files, by default install_dir/domains/domain_name/config. For information on changing the location of these files, see Changing the Location of Certificate Files.

  2. Enter the following keytool command to generate the server certificate in the keystore file, keystore.jks:

       keytool -genkey -alias keyAlias \
         -keyalg RSA \
         -keypass changeit \
         -storepass changeit \
         -keystore keystore.jks

  3. Enter the following keytool command to export the generated server certificate to the file server.cer:

       keytool -export -alias keyAlias \
         -storepass changeit \
         -file server.cer \
         -keystore keystore.jks

  4. If you want to have the certificate signed by a certificate authority, see Signing a Digital Certificate for more information.

  5. To create the trust-store file cacerts.jks and add the server certificate to the trust-store, enter the following keytool command:

       keytool -import -v -trustcacerts \
         -alias server-alias \
         -file server.cer \
         -keystore cacerts.jks \
         -keypass changeit

  6. Type yes, then press Enter. keytool then displays something like this:

       Certificate was added to keystore
       [Saving cacerts.jks]

  7. Restart the Application Server.
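The procedure above as a non-interactive script, added here as an example that is not part of the original documentation. It assumes keytool is on the PATH, takes the store password from a STOREPASS environment variable instead of putting changeit on the command line, uses a constructed subject name, and compares SHA-256 fingerprints of the two stores in place of the manual yes confirmation.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes keytool is on PATH and the
# store password is in the STOREPASS environment variable (at least 6 characters).
# The subject DN is constructed; aliases and file names follow the steps above.

# Print the SHA-256 fingerprint of one alias in a store (empty on any error).
fingerprint() {  # usage: fingerprint <store-file> <alias>
    keytool -list -v -keystore "$1" -storepass:env STOREPASS -alias "$2" 2>/dev/null |
        sed -n 's/^.*SHA256: *//p' | head -n 1
}

# Generate, export and import in <dir>, then confirm both stores hold the same cert.
run_procedure() (  # usage: run_procedure <dir>   (body runs in a subshell)
    export STOREPASS
    cd "$1" || exit 1
    # -dname answers the identity prompts; :env keeps the password out of argv.
    keytool -genkey -alias keyAlias -keyalg RSA -keysize 2048 \
        -dname "CN=server.example.test" \
        -keypass:env STOREPASS -storepass:env STOREPASS \
        -keystore keystore.jks >/dev/null 2>&1 || exit 1
    keytool -export -alias keyAlias -storepass:env STOREPASS \
        -file server.cer -keystore keystore.jks >/dev/null 2>&1 || exit 1
    # -noprompt replaces typing "yes", so the fingerprints are compared afterwards.
    keytool -import -noprompt -trustcacerts -alias server-alias \
        -file server.cer -keystore cacerts.jks \
        -storepass:env STOREPASS >/dev/null 2>&1 || exit 1
    key_fp=$(fingerprint keystore.jks keyAlias)
    trust_fp=$(fingerprint cacerts.jks server-alias)
    [ -n "$key_fp" ] && [ "$key_fp" = "$trust_fp" ]
)

# Demo in a scratch directory; runs only when keytool is installed and the
# caller has set STOREPASS.
if command -v keytool >/dev/null 2>&1 && [ -n "${STOREPASS:-}" ]; then
    work=$(mktemp -d) || exit 1
    if run_procedure "$work"; then
        echo "fingerprints match"
    else
        echo "mismatch or keytool error"
    fi
    rm -rf "$work"
fi
```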

For complete information about using keytool, see the keytool documentation at:

http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html