Java Reference
In-Depth Information
When you press Enter, keytool prompts you to enter the server name, organizational unit, organization, locality, state, and country code.
You must type the server name in response to keytool's first prompt, in which it asks for first and last names. For testing purposes, this can be localhost.
When you run the example applications, the host (server name) specified in the keystore must match the host identified in the javaee.server.name property specified in the tut-install/examples/bp-project/build.properties file (by default, this is localhost).
2. Export the generated server certificate in keystore.jks into the file server.cer.
   Type the keytool command all on one line:
   java-home/bin/keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks
3. If you want to have the certificate signed by a CA, read the example in the keytool documentation.
4. To add the server certificate to the truststore file, cacerts.jks, run keytool from the directory where you created the keystore and server certificate.
   Use the following parameters:
   java-home/bin/keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit
Information on the certificate, such as that shown next, will appear:
Owner: CN=localhost, OU=My Company, O=Software, L=Santa Clara, ST=CA, C=US
Issuer: CN=localhost, OU=My Company, O=Software, L=Santa Clara, ST=CA, C=US
Serial number: 3e932169
Valid from: Mon Nov 26 18:15:47 EST 2012 until: Sun Feb 24 18:15:47 EST 2013
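The requirement that the host in the keystore match javaee.server.name can be checked mechanically. The following shell script is an added example, not part of the original tutorial: it pulls the CN out of keytool certificate output, compares it with the property value, and notes when Owner and Issuer are identical (a self-signed certificate, as in the listing above). The function names and both sample texts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the certificate CN with javaee.server.name.
# SAMPLE_CERT and SAMPLE_PROPS are constructed inputs modelled on the page.
SAMPLE_CERT='Owner: CN=localhost, OU=My Company, O=Software, L=Santa Clara, ST=CA, C=US
Issuer: CN=localhost, OU=My Company, O=Software, L=Santa Clara, ST=CA, C=US
Serial number: 3e932169'

SAMPLE_PROPS='# constructed build.properties fragment
javaee.server.name=localhost'

# Print the value of one field (Owner or Issuer) from keytool output on stdin.
dn_field() {
    sed -n "s/^$1: *//p" | head -n 1
}

# Print the CN component of the distinguished name in $1.
# Limitation: a CN containing an escaped comma is cut at that comma.
dn_cn() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n 1
}

# Print the javaee.server.name value from properties text on stdin.
server_name() {
    sed -n 's/^[[:space:]]*javaee\.server\.name[[:space:]]*=[[:space:]]*//p' |
        head -n 1 | sed 's/[[:space:]]*$//'
}

# check_cert CERT_TEXT PROPS_TEXT
# Returns 0 on match, 1 on mismatch, 2 when the CN or the property is missing.
check_cert() {
    owner=$(printf '%s\n' "$1" | dn_field Owner)
    issuer=$(printf '%s\n' "$1" | dn_field Issuer)
    cn=$(dn_cn "$owner")
    host=$(printf '%s\n' "$2" | server_name)
    [ -n "$cn" ] && [ -n "$host" ] || { echo "missing CN or javaee.server.name" >&2; return 2; }
    [ "$owner" = "$issuer" ] && echo "note: self-signed (Owner equals Issuer)"
    # Host names are compared case-insensitively.
    a=$(printf '%s' "$cn" | tr 'A-Z' 'a-z')
    b=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
    if [ "$a" = "$b" ]; then echo "OK: CN=$cn matches javaee.server.name"; return 0; fi
    echo "MISMATCH: CN=$cn, javaee.server.name=$host"
    return 1
}

check_cert "$SAMPLE_CERT" "$SAMPLE_PROPS"
```

To check a real certificate, pass the output of keytool -printcert -file server.cer as the first argument and the contents of build.properties as the second.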