Support User Manuals

Sun Microsystems 820433510 Server User Manual

Open as PDF

of 256

■

Create a self-signed certicate in a keystore of type JKS using an RSA key algorithm. RSA is

public-key encryption technology developed by RSA Data Security, Inc. The acronym

stands for Rivest, Shamir, and Adelman, the inventors of the technology.

keytool -genkey -noprompt -trustcacerts -keyalg RSA -alias ${cert.alias}

-dname ${dn.name} -keypass ${key.pass} -keystore ${keystore.file}

-storepass ${keystore.pass}

Another example of creating a certicate is shown in “Generating a Certicate Using the

keytool Utility” on page 114

.

■

Create a self-signed certicate in a keystore of type JKS using the default key algorithm.

keytool -genkey -noprompt -trustcacerts -alias ${cert.alias} -dname

${dn.name} -keypass ${key.pass} -keystore ${keystore.file} -storepass

${keystore.pass}

An example of signing a certicate is shown in “Signing a Digital Certicate Using the

keytool Utility” on page 115

■

Display available certicates from a keystore of type JKS.

keytool -list -v -keystore ${keystore.file} -storepass ${keystore.pass}

■

Display certicate information from a keystore of type JKS.

keytool -list -v -alias ${cert.alias} -keystore ${keystore.file}

-storepass ${keystore.pass}

■

Import an RFC/text-formatted certicate into a JKS store. Certicates are often stored using

the printable encoding format dened by the Internet RFC (Request for Comments) 1421

standard instead of their binary encoding. This certicate format, also known as Base 64

encoding, facilitates exporting certicates to other applications by email or through some

other mechanism.

keytool -import -noprompt -trustcacerts -alias ${cert.alias} -file

${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass}

■

Export a certicate from a keystore of type JKS in PKCS7 format. The reply format dened

by the Public Key Cryptography Standards #7, Cryptographic Message Syntax Standard,

includes the supporting certicate chain in addition to the issued certicate.

keytool -export -noprompt -alias ${cert.alias} -file ${cert.file}

-keystore ${keystore.file} -storepass ${keystore.pass}

■

Export a certicate from a keystore of type JKS in RFC/text format.

keytool -export -noprompt -rfc -alias ${cert.alias} -file

${cert.file} -keystore ${keystore.file} -storepass ${keystore.pass}

■

Delete a certicate from a keystore of type JKS.

UsingJavaSecure SocketExtension(JSSE)Tools

Chapter9 • ConguringSecurity 113

previous next