Generate key pair on the CryptoHub by using Java Keytool

3min
With Apache Tomcat secure connections, you need to store a server private key and certificate in the Java KeyStore saved on the  . This server certificate is presented to clients when connecting to the Tomcat server.
This section uses Java keytool to generate a new key pair on the , which you can use later to sign a JAR file by using the Java jarsigner utility.
The JDK installation includes the keytool application, so you can run the keytool commands in this section with no additional configuration.
Generate a key pair on the  
Execute the following command:
Text
keytool -genkeypair -keyalg EC -alias tomcatdemo1 -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
keytool -genkeypair -keyalg EC -alias tomcatdemo1 -keystore NONE -storetype PKCS11 -providerclass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
﻿
After execution, the keytool application prompts for information about the key pair to be generated.

Enter the KeyStore password:
When prompted for the KeyStore password in this command, enter the  identity password configured inside the <CRYPTO-OPR-PASS> tag in the fxpkcs11.cfg file.
Text
1. What is your first and last name?
<br>
[Unknown]:  www.example.com

2. What is the name of your organizational unit?
<br>
[Unknown]: Engineering

3. What is the name of your organization?
<br>
[Unknown]:  Futurex

4. What is the name of your City or Locality?
<br>
[Unknown]:  Bulverde

5. What is the name of your State or Province?
<br>
[Unknown]:  TX

6. What is the two-letter country code for this unit?
<br>
[Unknown]:  US

7. Is CN=www.example.com, OU=Engineering, O=Futurex, L=Bulverde, ST=TX, C=US correct?
<br>
[no]:  yes
1. What is your first and last name?
<br>
[Unknown]:  www.example.com

2. What is the name of your organizational unit?
<br>
[Unknown]: Engineering

3. What is the name of your organization?
<br>
[Unknown]:  Futurex

4. What is the name of your City or Locality?
<br>
[Unknown]:  Bulverde

5. What is the name of your State or Province?
<br>
[Unknown]:  TX

6. What is the two-letter country code for this unit?
<br>
[Unknown]:  US

7. Is CN=www.example.com, OU=Engineering, O=Futurex, L=Bulverde, ST=TX, C=US correct?
<br>
[no]:  yes
﻿
﻿
Configure SunPKCS11 to use the Futurex PKCS11 module
Assign the key pair to a certificate and apply an issuance policy