Create Client Keystore

A client keystore stores the client's private key together with its certificate.

Required inputs

Procedure

  1. Open a command window.
  2. Ensure that the JRE\bin directory is on the command window's path:
    set path=%path%;C:\j2sdk1.4.2_02\bin
  3. Navigate the command window to a private directory which will contain the client's keystore file (for example, C:\TomCat\webapps\MyWebApp\private\)
  4. Create a client keystore which will have a private key associated with it.
    1. keytool -genkey -alias <client_alias> -keyalg <key_algorithm> -keystore <keystore_filename>
      (for example, keytool -genkey -alias myclient -keyalg RSA -keystore keystore_client )
    2. Enter keystore password: secretPassword <Return>
    3. What is your first and last name?
      [Unknown]: myclient <Return>
    4. What is the name of your organizational unit?
      [Unknown]: my site <Return>
    5. What is the name of your organization?
      [Unknown]: Acme, Inc. <Return>
    6. What is the name of your City or Locality?
      [Unknown]: Cary <Return>
    7. What is the name of your State or Province?
      [Unknown]: NC <Return>
    8. What is the two-letter country code for this unit?
      [Unknown]: US <Return>
    9. Is CN=myclient, OU="my site", O="Acme, Inc.", L=Cary, ST=NC, C=US correct?
      [no]: yes <Return>
    10. Enter key password for <myclient>
      (RETURN if same as keystore password): <Return>
  5. Verify creation of the client's keystore file keystore_client.
  6. The client's public certificate can now be exported from the keystore.
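
Steps 4 to 6 as a single batch file, added here as an example and not part of the original procedure. It reuses the page's example alias, keystore name and distinguished name; the output file name client_cert.cer, the 2048-bit key size and the 365-day validity are assumptions. Passwords are deliberately not passed as arguments, so keytool still prompts for them and they do not end up in the script or the command history.

```bat
@echo off
rem Added example: scripted form of steps 4-6 of the procedure above.
rem Run it from the private directory chosen in step 3.
setlocal

rem Values taken from the page's example.
set ALIAS=myclient
set KEYSTORE=keystore_client
rem Assumed output file name for the exported public certificate.
set CERT=client_cert.cer
rem A comma inside a DN value must be escaped with a backslash for -dname.
set "DNAME=CN=myclient, OU=my site, O=Acme\, Inc., L=Cary, ST=NC, C=US"

rem Refuse to touch an existing keystore so a live key is never replaced.
if exist "%KEYSTORE%" (
    echo %KEYSTORE% already exists, aborting.
    exit /b 1
)

rem Step 4: generate the key pair and self-signed certificate.
rem -dname answers the name prompts; keytool still asks for the passwords.
rem -keysize and -validity are assumptions: older JDKs default to a
rem 1024-bit key and a 90-day certificate.
keytool -genkey -alias %ALIAS% -keyalg RSA -keysize 2048 -validity 365 ^
    -dname "%DNAME%" -keystore "%KEYSTORE%"
if errorlevel 1 goto fail

rem Step 5: verify the entry. The output should show a key entry
rem (keyEntry or PrivateKeyEntry, depending on the JDK version) whose
rem owner matches the DN above.
keytool -list -v -alias %ALIAS% -keystore "%KEYSTORE%"
if errorlevel 1 goto fail

rem Step 6: export only the public certificate (PEM form via -rfc).
rem The private key never leaves the keystore.
keytool -export -rfc -alias %ALIAS% -file "%CERT%" -keystore "%KEYSTORE%"
if errorlevel 1 goto fail

rem Show the exported certificate, including its fingerprints.
keytool -printcert -file "%CERT%"
echo Created %KEYSTORE% and exported %CERT%.
exit /b 0

:fail
echo keytool reported an error; see the messages above.
exit /b 1
```

The fingerprints printed by the last keytool call can be given to whoever imports the certificate so they can check it out of band before trusting it.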