Monday, 1 September 2014

Key Generation using Keytool command

Steps to create Keys:

The steps below generate public and private keys for both the server and client keystores on Linux and Windows machines.

The keys are generated in the following locations:

Linux Machine: /home/test/keystore

Windows Machine: D:\Keystore


Step 1: Command to generate server keypair and store in a keystore

Linux Machine:

Command>keytool -genkey -alias serverKey -keyalg RSA -sigalg SHA1withRSA -dname CN=172.17.103.60,C=US -keypass welcome -keystore /home/test/keystore/server.jks -storepass welcome -validity 365

Windows Machine:

Command>keytool -genkey -alias serverKey -keyalg RSA -sigalg SHA1withRSA -dname CN=172.17.103.145,C=US -keypass welcome -keystore D:\Keystore\server.jks -storepass welcome -validity 365




Step 2: Command to generate client keypair and store in a keystore

Linux Machine:

Command>keytool -genkey -alias clientKey -keyalg RSA -sigalg SHA1withRSA -dname CN=172.17.103.60,C=US -keypass welcome -keystore /home/test/keystore/client.jks -storepass welcome -validity 365

Windows Machine:

Command>keytool -genkey -alias clientKey -keyalg RSA -sigalg SHA1withRSA -dname CN=172.17.103.145,C=US -keypass welcome -keystore D:\Keystore\client.jks -storepass welcome -validity 365



Step 3: Export public keys from server keystore.

Linux Machine:

Command>keytool -exportcert -alias serverKey -storepass welcome -keystore /home/test/keystore/server.jks -file /home/test/keystore/server.cer

Windows Machine:

Command>keytool -exportcert -alias serverKey -storepass welcome -keystore D:\Keystore\server.jks -file D:\Keystore\server.cer




Step 4: Export public keys from client keystore.

Linux Machine:

Command>keytool -exportcert -alias clientKey -storepass welcome -keystore /home/test/keystore/client.jks -file /home/test/keystore/client.cer



Windows Machine:

Command>keytool -exportcert -alias clientKey -storepass welcome -keystore D:\Keystore\client.jks -file D:\Keystore\client.cer



Step 5: Import client public key into server keystore.

Linux Machine:

Command>keytool -import -alias clientKey -file /home/test/keystore/client.cer -storepass welcome -keystore /home/test/keystore/server.jks

Windows Machine:

Command>keytool -import -alias clientKey -file D:\Keystore\client.cer -storepass welcome -keystore D:\Keystore\server.jks



Step 6: Import server public key into client keystore.

Linux Machine:

Command>keytool -import -alias serverKey -file /home/test/keystore/server.cer -storepass welcome -keystore /home/test/keystore/client.jks



Windows Machine:

Command>keytool -import -alias serverKey -file D:\Keystore\server.cer -storepass welcome -keystore D:\Keystore\client.jks



Step 7: List server keystore content to verify

Linux Machine:

Command>keytool -list -storepass welcome -keystore /home/test/keystore/server.jks

Windows Machine:

Command>keytool -list -storepass welcome -keystore D:\Keystore\server.jks



Step 8: List client keystore content to verify

Linux Machine:

Command>keytool -list -storepass welcome -keystore /home/test/keystore/client.jks



Windows Machine:

Command>keytool -list -storepass welcome -keystore D:\Keystore\client.jks



Step 9: Check the keystores and certificates.

Linux Machine:

Command>ls

Windows Machine:

Command>dir
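
A check that complements Steps 7 and 8, as an added example that is not part of the original post: it parses keytool -list output and confirms that each store holds its own key as a PrivateKeyEntry, holds the peer only as a trustedCertEntry, and that the fingerprint of each alias matches across the two stores. The function names and the two listings are constructed for illustration, and the fingerprints are shortened placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Both listings are constructed
# "keytool -list" output with shortened placeholder fingerprints.
# JKS lists aliases in lower case, so serverKey shows up as "serverkey".
SERVER_LISTING='Your keystore contains 2 entries

clientkey, Sep 1, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): C1:1E:17:0A
serverkey, Sep 1, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): 5E:4F:E4:0B'
CLIENT_LISTING='Your keystore contains 2 entries

clientkey, Sep 1, 2014, PrivateKeyEntry,
Certificate fingerprint (SHA1): C1:1E:17:0A
serverkey, Sep 1, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 5E:4F:E4:0B'

# entries LISTING -> one "alias type fingerprint" line per keystore entry
entries() {
    printf '%s\n' "$1" | awk '
        /Entry, *$/ {                      # entry line: alias, date, type,
            n = split($0, f, ", *"); alias = tolower(f[1]); type = ""
            for (i = n; i > 1; i--) if (f[i] ~ /Entry$/) { type = f[i]; break }
            next
        }
        /^Certificate fingerprint/ && alias != "" { print alias, type, $NF; alias = "" }'
}

# field LISTING ALIAS COLUMN -> entry type (2) or fingerprint (3) for ALIAS
field() {
    entries "$1" | awk -v a="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" \
        -v c="$3" '$1 == a { print $c }'
}

# check_mutual_trust SERVER_LISTING CLIENT_LISTING -> 0 when each store holds
# its own private key, only the peer's certificate, and fingerprints agree
check_mutual_trust() {
    rc=0
    [ "$(field "$1" serverKey 2)" = PrivateKeyEntry ] || { echo "server.jks: serverKey has no private key" >&2; rc=1; }
    [ "$(field "$1" clientKey 2)" = trustedCertEntry ] || { echo "server.jks: clientKey is not certificate-only" >&2; rc=1; }
    [ "$(field "$2" clientKey 2)" = PrivateKeyEntry ] || { echo "client.jks: clientKey has no private key" >&2; rc=1; }
    [ "$(field "$2" serverKey 2)" = trustedCertEntry ] || { echo "client.jks: serverKey is not certificate-only" >&2; rc=1; }
    for a in serverKey clientKey; do
        [ "$(field "$1" "$a" 3)" = "$(field "$2" "$a" 3)" ] || { echo "$a: fingerprint differs between stores" >&2; rc=1; }
    done
    return "$rc"
}

check_mutual_trust "$SERVER_LISTING" "$CLIENT_LISTING" && echo "mutual trust OK"
```

With real keystores, pass the output of the Step 7 and Step 8 commands as the two arguments. The parser keys on the "Certificate fingerprint" prefix, so it does not depend on which hash the JDK prints.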