6. If you have changed the keystore or private key password from their default, then substitute
the new password for changeit in the above command.
The tool displays information about the certificate and prompts whether you want to trust
the certificate.
7. Type yes, then press Enter.
Then keytool displays something like this:
Certificate was added to keystore
[Saving cacerts.jks]
8. Restart the Enterprise Server.
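An added example, not part of the original guide: before typing yes at the trust prompt in step 7, a fingerprint that keytool displays for the certificate can be compared with one obtained from the certificate's owner over a separate channel. The script below computes the fingerprint of a PEM or DER certificate file in the colon-separated hex form keytool prints; the function names, the script name and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed sample: the base64 body decodes to the bytes b"abc", not a real
# certificate. A fingerprint is a hash of the encoded bytes, so this is enough
# to exercise the logic offline.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"


def der_blobs(data: bytes) -> list[bytes]:
    """Return the DER bytes of each certificate in a PEM bundle or DER file."""
    bodies = PEM_RE.findall(data)
    if bodies:
        return [base64.b64decode(b"".join(body.split())) for body in bodies]
    return [data]  # no PEM armour: treat the whole file as one DER certificate


def fingerprint(der: bytes, algorithm: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the encoded certificate."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches(der: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """Compare with an out-of-band fingerprint, ignoring case, colons and spaces."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    have = fingerprint(der, algorithm).replace(":", "")
    return hmac.compare_digest(have, want)


if __name__ == "__main__":
    import sys
    # Usage (hypothetical script name): python check_fp.py server.cer "AB:CD:..."
    path, expected = sys.argv[1], sys.argv[2]
    with open(path, "rb") as fh:
        certs = der_blobs(fh.read())
    for der in certs:
        print(fingerprint(der), "MATCH" if matches(der, expected) else "no match")
    sys.exit(0 if any(matches(d, expected) for d in certs) else 1)
```

Pass "sha1" as the algorithm argument when the fingerprint you were given is a SHA-1 value.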
Signing a Digital Certificate Using the keytool Utility
After creating a digital certificate, the owner must sign it to prevent forgery. E-commerce sites,
or those for which authentication of identity is important, can purchase a certificate from a
well-known Certificate Authority (CA). If authentication is not a concern, for example, if private
secure communications is all that is required, save the time and expense involved in obtaining a
CA certificate and use a self-signed certificate.
1. Follow the instructions on the CA's Web site for generating certificate key pairs.
2. Download the generated certificate key pair.
Save the certificate in the directory containing the keystore and truststore files, by default
the domain-dir/config directory. See “Changing the Location of Certificate Files” on page 112.
3. In your shell, change to the directory containing the certificate.
4. Use keytool to import the certificate into the local keystore and, if necessary, the local
truststore.
keytool -import -v -trustcacerts
-alias keyAlias
-file server.cer
-keystore cacerts.jks
-keypass changeit
-storepass changeit
If the keystore or private key password is not the default password, then substitute the new
password for changeit in the above command.
5. Restart the Enterprise Server.
Deleting a Certificate Using the keytool Utility
To delete an existing certificate, use the keytool -delete command, for example:
Using Java Secure Socket Extension (JSSE) Tools
Chapter 9 • Configuring Security 115