Keystores store certificates. The command below creates the file mysite-keystore.jks. Two passwords must be provided: one for the keystore and a second for the alias.
keytool -genkey -alias mysite.com -keyalg RSA -keystore mysite-keystore.jks -keysize 2048
This generates a file named mysite-keystore.jks, which contains the certificate information you provided.
To list the certificate information in the keystore, use the command below.
keytool -list -v -keystore mysite-keystore.jks
This lists the self-signed certificate inside your keystore. To configure Tomcat with the self-signed certificate, change server.xml as shown below, e.g.
<Connector port="7443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/ec2-user/certs/gruber-keystore"
keystorePass="changeit"
/>
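A check that can be run over server.xml before deploying a connector like the one above, added here as an example (it is not from the original post). It only covers the connector-attribute style shown in this post; the function name, finding labels and the 8080/8443 connectors in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DEFAULT_PASS = "changeit"  # Tomcat's documented default for keystorePass

# Constructed sample: the post's connector plus a plain HTTP one and a tightened one.
SAMPLE = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"/>
<Connector port="7443" protocol="org.apache.coyote.http11.Http11Protocol"
 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLS"
 keystoreFile="/home/ec2-user/certs/gruber-keystore"
 keystorePass="changeit"
/>
<Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
 keystoreFile="/opt/example/mysite-keystore.jks"
 keystorePass="constructed-example-only" keyAlias="mysite.com"/>
</Service></Server>"""


def audit_connectors(server_xml):
    """Return sorted (port, finding) pairs for TLS connectors in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector
        port = conn.get("port", "?")
        # Missing keystorePass means Tomcat tries "changeit" itself.
        if conn.get("keystorePass", DEFAULT_PASS) == DEFAULT_PASS:
            findings.append((port, "default-keystore-password"))
        # Without keystoreFile Tomcat looks for .keystore in the user's home.
        if not conn.get("keystoreFile"):
            findings.append((port, "implicit-keystore-file"))
        # Without keyAlias Tomcat serves the first key it reads from the keystore.
        if not conn.get("keyAlias"):
            findings.append((port, "implicit-key-alias"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"connector {port}: {finding}")
```

For the connector in this post the check reports the default keystore password and the missing keyAlias; setting keyAlias="mysite.com" pins Tomcat to the key generated earlier.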
Certificates are signed by a CA (certification authority). To have a certificate signed, we need to generate a certificate signing request (CSR). The keytool command below generates the CSR.
keytool -certreq -alias mysite.com -keystore mysite-keystore.jks -file mydomain.csr
This generates the file mydomain.csr, which we send to the CA to be signed.
The CA provides certificates, which include the root certificate and the certificate chain. We can import those certificates using
keytool -import -trustcacerts -alias root -file Thawte.crt -keystore mysite-keystore.jks
Portecle is a very good tool for generating keystores, generating key pairs, examining certificates and importing signed certificates.
More information on Portecle can be found here: http://portecle.sourceforge.net/