Keystore setup

To create KeyStore using keytool, you first must create a key pair in the KeyStore. For example, if you enter the following command line:

keytool -genkey -alias httpadapter -keystore c:\security\keystore

keytool immediately prompts you for a password. You may enter the password of your choice (within keytool parameters), but you should specify the password entered in keytool as the value of the SSL " KeyStorePassword connector property. For further information, see KeyStorePassword.

The sample command creates the keystore named keystore in the c:\security\keystore directory. Accordingly, you would enter c:\security\keystore as the value of the SSL " KeyStore connector hierarchical property. Also from the command line example above, you would enter -alias httpadapter as the value of the SSL " KeyStoreAlias connector hierarchical property. The keytool utility then prompts you for the details of the certificate. The following illustrates what you may enter for each of the prompts. (Refer to keytool documentation.)

What is your first and last name?
     [Unknown]:  HostName
What is the name of your organizational unit?
     [Unknown]:  wbi
What is the name of your organization?
     [Unknown]:  IBM
What is the name of your City or Locality?
     [Unknown]:  Burlingame
What is the name of your State or Province?
     [Unknown]:  CA
What is the two-letter country code for this unit?
    [Unknown]:  US
Is <CN=HostName, OU=wbi, O=IBM, L=Burlingame, 
ST=CA, C=US> correct?
    [no]:  yes

keytool then prompts you for a password:

Enter key password for <httpadapter> (RETURN if same as keystore password):

Press Return to use the same password. If you want to use a self-signed certificate, you may want to export the certificate created above. In that case, enter following on the command line:

keytool -export -alias httpadapter -keystore c:\security\keystore -file
wsadapter.cer

keytool now prompts you for the keystore password. Enter the password that you entered above.

Copyright IBM Corp. 1997, 2004