First we will try to understand what is a certificate.
A certificate is a digitally signed statement from one entity.
This entity can be an organization or a particular person.
Every digital certificate has a pair of associated private key and a public key.
A public key is part of the owner's digital certificate and is available for anyone to use.A private key is protected by and available only to the owner of the key.
This limited access ensures secure communication.
A certificate owner can use a certificate's private key to sign and encrypt data sent between two end.The recipient of the signed object can then use the public key contained in the signer's certificate to decrypt the signature.This allows reliability and integrity of the data.
keytool is a key and certificate management utility.
It allows users to administer their own public/private key pairs and associated certificates for use in self-authentication.keytool stores the keys and certificates in a keystore which is nothing but a repository to store keys and certificates.
Creating you own key pair
============================
The general syntax for creating a key pair using key tool is
keytool -genkeypair -dname "your domain name" -alias alias name -keypass password for private key -keystore location to store key pair -storepass password to protect integrity or keystore -validity no of days for which it is valid.
Storepass must be at least 6 characters long. It must be provided to all commands that access the keystore contents.So everyone who will try to access the keystore will have to provide the storepass password to access it.
With this syntax we will try to create a new key pair
keytool -genkey -dname "cn=Arpit Rahi, ou=Integration, o=Sun, c=IN" -alias Sample -keypass Ankit1234 -keystore C:\key\certificates -storepass Nitin1234 -validity 180
Here we need to take care that we have to create a directory structure already c:\key and certificate is the name of keystore.
There is one more way to create it.
keytool -genkey -alias Sample -keyalg RSA -keystore C:\certificate\key -storepass welcome1
here domain name will be provided while creating key.
Now next Generate the Certificate Request using following command.
keytool -certreq -v -alias Sample -keyalg RSA -keystore C:\certificate\key
here we have to point to the keystore that we have created and provide the path
Now we can use any certification authority,in my case i am using oracle certification authority set up at my end
just copy paste the details of the certificate.
use oca user console to generate
https://host:ssl port/oca/user
Now go to oca admin console to approve it.
you can view the certificate thus saved by using following keytool command
keytool -printcert -file your file
Now you can import the certificate
keytool -v -import -trustcacerts -keystore /keystore-location
-file certificate-reply-file -alias Sample
and then verify it.
using following command
keytool -v -list -keystore /keystore-location
NOw once the certificate are generated you can use it for ssl.
No comments:
Post a Comment