Create Client Keystore

A client keystore is used to store a client's private certificate.

Required inputs

• client alias (for example, "myclient")
• key algorithm (for example, "RSA")
• key store filename (for example, "keystore_client")
• key store password (for example, "secretPassword")
• distinguished name to be associated with the certificate (for example, CN=myclient,OU="my site",O="Acme, Inc.",L="Cary",ST="NC",C="US")

Procedure

1. Open a command window
2. Ensure that the command window contains the JRE\bin directory in its path
   set path=%path%;C:\j2sdk1.4.2_02\bin
3. Navigate the command window to a private directory which will contain the client's keystore file (for example, C:\TomCat\webapps\MyWebApp\private\)
4. Create a client keystore which will have a private key associated with it.
   1. keytool -genkey -alias <client_alias> -keyalg <key_algorithm> -keystore <keystore_filename>
      (for example, keytool -genkey -alias myclient -keyalg RSA -keystore keystore_client )
   2. Enter keystore password: secretPassword <Return>
   3. What is your first and last name?
      [Unknown]: myclient <Return>
   4. What is the name of your organizational unit?
      [Unknown]: my site <Return>
   5. What is the name of your organization?
      [Unknown]: Acme, Inc. <Return>
   6. What is the name of your City or Locality?
      [Unknown]: Cary <Return>
   7. What is the name of your State or Province?
      [Unknown]: NC <Return>
   8. What is the two-letter country code for this unit?
      [Unknown]: US <Return>
   9. Is CN=myserver, OU="my site", O="Acme, Inc.", L=Cary, ST=NC, C=US correct?
      [no]: yes <Return>
   10. Enter key password for <myserver>
       (RETURN if same as keystore password): <Return>
5. Verify creation of the client's keystore file keystore_client.
6. The client's public certificate can now be exported from the keystore.