The name of the keystore
is .keystore (located in the working directory) with a password of
srvrpass. The certificate is considered valid for 730 days (two
years).
4. Generate a certificate signing request (CSR). Use the keytool
to generate a CSR in the PKCS#10 format, suitable for signing by your
CA. The following command creates a CSR for the self-signed certificate
identified by the alias tomcat in .keystore:
3.7 Signing a Server Certificate 169
C:\jstk-1.0.1> keytool -certreq -alias tomcat
-keystore .keystore -storepass srvrpass
-file server.csr
The generated CSR is stored in the file server.csr.
5. Sign the server certificate by the JSTK Test CA. Use the following
JSTK certtool command to sign the CSR by the JSTK Test CA:
C:\jstk-1.0.1> bin\certtool.bat issue -csrfile server.csr
-cerfile server.cer -password certauth
Issued Certificate written to file: server.cer
The command accepts the CSR, server.csr, signs the request by the
CA, and places the signed certificate in the file server.cer. The password
is the CA keystore password, certauth.
6. Import the trusted certificate into the server keystore. The last
step is to enter the following keytool command to import the
CA-signed server certificate back into the server keystore:
C:\jstk-1.0.1> keytool -import -alias tomcat
-keystore .keystore -storepass srvrpass
-file server.cer
Top-level certificate in reply:
Owner: CN=MyCompany Root CA, OU=J2EE Division,
O=MyCompany Inc.
Pages:
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220