Create Java KeyStore
This section uses Java keytool commands to generate a new key pair on the {{vectera}}, create a certificate signing request (CSR), issue a certificate through an internal or external CA, and import the signed certificate and its accompanying CA certificate into a Java KeyStore.

Perform the following tasks to ensure that you can use Jarsigner and the signed certificate to sign a JAR file in the next section:

1. Generate a server key pair and self-signed certificate.
2. Generate and export a CSR.
3. Import a CA root certificate.
4. Import the server certificate signed by the CA.

Because the JDK 8 installation includes keytool, you can run the commands without additional configuration.

1 | Generate a server key pair and self-signed certificate

Execute the following command. `-alias` sets a name to identify the key pair and certificate to be generated. It can be any name (for example, `jarsignerdemo`).

```
keytool -genkeypair -keyalg RSA -keysize 2048 -alias jarsignerdemo -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex -ext ExtendedKeyUsage=codeSigning -ext KeyUsage=digitalSignature
```

When prompted, enter the following information for the server certificate you want to generate, and enter a new keystore password, which all subsequent keytool and jarsigner commands use.

```
What is your first and last name?
  [Unknown]:  www.example.com
What is the name of your organizational unit?
  [Unknown]:  Engineering
What is the name of your organization?
  [Unknown]:  Futurex
What is the name of your City or Locality?
  [Unknown]:  Bulverde
What is the name of your State or Province?
  [Unknown]:  TX
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=www.example.com, OU=Engineering, O=Futurex, L=Bulverde, ST=TX, C=US correct?
  [no]:  yes
```

2 | Generate and export a CSR

To generate and export a CSR, run the following command:

```
keytool -certreq -alias jarsignerdemo -file example.csr -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
```

Enter the keystore password. Send the CSR to a third-party or internal CA to get it signed. The CA returns the server certificate and CA certificate for you to import.

3 | Import a CA root certificate

To import the CA root certificate, run the following command:

```
keytool -import -trustcacerts -alias jarsignerdemoca -keystore NONE -file ssl-ca-cert.pem -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
```

Enter the keystore password. When prompted to trust the certificate, enter `yes`, as shown in the following example:

```
Trust this certificate? [no]:  yes
Certificate was added to keystore
```

4 | Import the server certificate signed by the CA

To import the signed server certificate, run the following command:

```
keytool -importcert -alias jarsignerdemo -keystore NONE -file signed-example-cert.pem -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerName SunPKCS11-Futurex
```

Enter the keystore password. If the command was successful, you should see an output similar to the following example:

```
Certificate reply was installed in keystore
```
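The following script is an added example, not part of the original page or vendor tooling. It checks the CA's reply against the CSR and the CA root before the import in step 4. It assumes the `openssl` CLI is installed and that all three files are PEM-encoded; the function name `check_reply` is hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): sanity-check the CA reply before running
# `keytool -importcert`. Assumes the openssl CLI and PEM-encoded input files.
#
# check_reply CSR CERT CA_CERT
#   returns 0 if CERT looks safe to import, otherwise:
#   1 = CERT does not certify the public key in CSR
#   2 = CERT does not chain to CA_CERT
#   3 = CERT lacks the Code Signing EKU or the Digital Signature key usage
check_reply() {
    csr=$1 cert=$2 ca=$3

    # The reply must carry the public key of the pair generated in step 1,
    # otherwise it cannot be attached to that keystore entry.
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    if [ "$csr_key" != "$cert_key" ]; then
        echo "reply does not match the key pair in $csr" >&2
        return 1
    fi

    # The reply must chain to the CA root that was imported in step 3.
    if ! openssl verify -purpose any -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "reply does not chain to $ca" >&2
        return 2
    fi

    # The CA decides the final extensions, so confirm that the issued
    # certificate still permits code signing.
    text=$(openssl x509 -in "$cert" -noout -text)
    case $text in
        *"Code Signing"*) ;;
        *) echo "reply lacks the Code Signing EKU" >&2; return 3 ;;
    esac
    case $text in
        *"Digital Signature"*) ;;
        *) echo "reply lacks the Digital Signature key usage" >&2; return 3 ;;
    esac
    return 0
}

# Run directly: sh check_reply.sh CSR CERT CA_CERT
if [ "$#" -eq 3 ]; then
    check_reply "$@"
fi
```

Before answering `yes` to the trust prompt in step 3, compare the output of `openssl x509 -in <CA file> -noout -fingerprint -sha256` with the fingerprint the CA publishes through a separate channel.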