beautypg.com

Sun Microsystems 5.1.1 User Manual

Page 30


Chapter 4

Section 4.2

Operating SSL

KeyStores and TrustStores

HTTPS eWay Adapter User’s Guide


Sun Microsystems, Inc.

signing request (CSR). The CA is therefore trusted by the server-side application to
which the eWay is connected.

Note: It is recommended to use the default KeyStore
\logicalhost\is\domains\\config\keystore.jks
where is the directory where the Sun Java Composite Application Platform Suite is
installed and is the name of your domain.

To generate a KeyStore

Use the following command:

keytool -keystore clientkeystore -genkey -alias client

You are prompted for several pieces of information required to generate a CSR. A
sample key generation section follows:

Enter keystore password: seebyond
What is your first and last name?
[Unknown]: development.seebeyond.com
What is the name of your organizational unit?
[Unknown]: Development
What is the name of your organization?
[Unknown]: SeeBeyond
What is the name of your City or Locality?
[Unknown]: Monrovia
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is <CN=development.seebeyond.com, OU=Development, O=SeeBeyond, L=Monrovia, ST=California, C=US> correct?
[no]: yes

Enter key password for <client>
(RETURN if same as keystore password):

If the KeyStore password is specified, then the password must be provided for the
eWay. Press RETURN when prompted for the key password (this action makes the key
password the same as the KeyStore password).

This operation creates a KeyStore file clientkeystore in the current working directory.
You must specify a fully-qualified domain name for the “first and last name” question,
because some CAs, such as Verisign, expect this property to be a fully-qualified
domain name.

Some CAs do not require the fully-qualified domain name, but using it is recommended
for the sake of portability. All the other information given must be valid. If the
information cannot be validated, a CA such as Verisign does not sign a generated CSR
for this entry.

This KeyStore contains an entry with an alias of client. This entry consists of the
generated private key and the information needed for generating a CSR, as follows:

keytool -keystore clientkeystore -certreq -alias client -keyalg rsa -file client.csr
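The two keytool steps above can also be run without the interactive prompts. The following is an added example, not part of the original guide: it checks that the "first and last name" value is a fully-qualified domain name before any key is generated, builds the distinguished name, and passes the password through an environment variable. The function names, the KS_PASS variable, and the use of -dname, -keyalg RSA on -genkey and the :env password modifier are assumptions of this example.

```shell
# Added example: non-interactive form of the keytool session above.
# Assumptions (not from the manual): -dname, -keyalg RSA on -genkey, the
# :env password modifier, the KS_PASS variable and all function names.

# is_fqdn NAME: succeed only for two or more dot-separated labels made of
# letters, digits and hyphens, with no empty label and no edge hyphen.
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# _esc VALUE: escape commas so keytool does not read them as field separators.
_esc() { printf '%s' "$1" | sed 's/,/\\,/g'; }

# build_dname CN OU O L ST C: print the name keytool would ask you to confirm.
# Refuses a CN that is not fully qualified, since a CA may reject such a CSR.
build_dname() {
    if ! is_fqdn "$1"; then
        echo "CN '$1' is not a fully-qualified domain name" >&2
        return 1
    fi
    printf 'CN=%s, OU=%s, O=%s, L=%s, ST=%s, C=%s\n' \
        "$(_esc "$1")" "$(_esc "$2")" "$(_esc "$3")" \
        "$(_esc "$4")" "$(_esc "$5")" "$(_esc "$6")"
}

# make_csr KEYSTORE ALIAS DNAME CSRFILE: generate the key pair, then the CSR.
# The password comes from $KS_PASS so it is not visible in the process list.
# The key password equals the KeyStore password, matching the RETURN answer
# in the interactive session.
make_csr() {
    if [ -z "${KS_PASS:-}" ]; then
        echo "set KS_PASS before calling make_csr" >&2
        return 1
    fi
    export KS_PASS
    keytool -genkey -keyalg RSA -alias "$2" -keystore "$1" -dname "$3" \
        -storepass:env KS_PASS -keypass:env KS_PASS &&
    keytool -certreq -alias "$2" -keystore "$1" -file "$4" \
        -storepass:env KS_PASS
}

# Usage with the sample values from the session above (KS_PASS already set):
#   dn=$(build_dname development.seebeyond.com Development SeeBeyond \
#        Monrovia California US) && make_csr clientkeystore client "$dn" client.csr
```

The resulting client.csr can be inspected with `keytool -printcertreq -file client.csr` before it is sent to the CA.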