Generating keys and certificates

This topic provides information about generating keys and certificates.

Note: The examples in this topic use the keytool utility provided with the Java™ Runtime Environment (JRE). The examples in this topic assume that the command is available through the PATH environment variable.

The following command generates a key pair and certificate directly into a keystore file:

               cd <ksdir> 
keytool -keystore <ksfile> -alias jetty -genkey -keyalg RSA

The term <ksdir> is the directory used to hold the keystore file. The term <ksfile> is the name of the keystore file. Do not include the "<>" characters. For example:

            cd /etc 
</jetty></ksfile></ksdir></ksfile>

The following command prompts for information about the certificate and for passwords to protect both the keystore file and the keys within it. The only mandatory response is to provide the fully qualified hostname of the server at the What is your first and last name? prompt.

            keytool -keystore jettyks -alias jetty -genkey -keyalg RSA
Enter keystore password: secret
Re-enter new password: secret 
What is your first  and last name?
[Unknown]:  ifm.ibm.com 
What is the name of your organizational unit? 
[Unknown]: IFM User 
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=ifm.ibm.com,
OU=IFM User, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
(type "yes" or "no") [no]:   yes      

Enter key password  for <jetty>: 
(RETURN if same as  keystore password):