Create Server Keystore

A server keystore is used to store the server's private certificate.

Required inputs

• server alias (for example, "myserver")
• key algorithm (for example, "RSA")
• key store filename (for example, "keystore_server")
• key store password (for example, "secretPassword")
• distinguished name to be associated with the certificate (for example, CN=myserver,OU="my site",O="Acme, Inc.",L="Cary",ST="NC",C="US")

Procedure

1. Open a command window
2. Ensure that the command window contains the JRE\bin directory in its path
   set path=%path%;C:\j2sdk1.4.2_02\bin
3. Navigate the command window to a private directory which will contain the server's keystore file (for example, C:\TomCat\webapps\MyWebApp\private\)
4. Create a server keystore which will have a private key associated with it.
   1. keytool -genkey -alias <server_alias> -keyalg <key_algorithm> -keystore <keystore_filename>
      (for example, keytool -genkey -alias myserver -keyalg RSA -keystore keystore_server )
   2. Enter keystore password: secretPassword <Return>
   3. What is your first and last name?
      [Unknown]: myserver <Return>
   4. What is the name of your organizational unit?
      [Unknown]: my site <Return>
   5. What is the name of your organization?
      [Unknown]: Acme, Inc. <Return>
   6. What is the name of your City or Locality?
      [Unknown]: Cary <Return>
   7. What is the name of your State or Province?
      [Unknown]: NC <Return>
   8. What is the two-letter country code for this unit?
      [Unknown]: US <Return>
   9. Is CN=myserver, OU="my site", O="Acme, Inc.", L=Cary, ST=NC, C=US correct?
      [no]: yes <Return>
   10. Enter key password for <myserver>
       (RETURN if same as keystore password): <Return>
5. Verify creation of the server's keystore file keystore_server.
6. The server's public certificate can now be exported from the keystore.