Create Java Keystore
In this section, Java keytool commands will be used to generate a new key pair on the Vectera Plus, create a Certificate Signing Request (CSR), issue a certificate by means of an internal or external CA, and import the signed certificate and its accompanying CA certificate into a Java keystore.
The purpose of these steps is so that the signed certificate can be used to sign a JAR file in the next section using jarsigner.
The Keytool application is included in the JDK 8 installation, so no additional configuration is required to run the following Keytool commands.
Execute the following command:
-alias is a field used to set a name to identify the key pair and certificate to be generated. It can be any name (example: JarSignerDemo).
Upon the execution of the previous instruction, the Keytool application will ask for information for the server certificate to be generated.
Enter the KeyStore password: (The password that you set here will be used in all keytool and jarsigner commands moving forward.)
To generate and export a CSR run the following command:
Enter the keystore password.
The CSR must be signed by a CA, either third-party or internal. Once signed, the server certificate returned by the CA will be imported along with the CA certificate.
To import the CA root certificate, run the following command:
Enter the keystore password.
You will be prompted to trust the certificate, enter Yes.
To import the signed server certificate, run the following command:
Enter the keystore password.
If the command was successful, you should see an output similar to the following: