Decision Insight 20190114 (Latest) For the list of all supported Decision Insight downloads and releases, see the Downloads page. How to create a key store for HTTPS communication? This page explains cases where your certificate needs to be signed by a certification authority. More information available here: http://docs.oracle.com/javase/tutorial/security/sigcert/index.html#GenCSR. The key store for the HTTPS communication must contain only one key. If several keys exist in the key store, the node will fail to start. Create a key store and a cryptographic key A new key store is created when a cryptographic key is created (i.e. empty key store cannot be created). A cryptographic key is created with the -genkeypair command. keytool -genkeypair [OPTION]... Generates a key pair Options: -alias <alias> alias name of the entry to process -keyalg <keyalg> key algorithm name -keysize <keysize> key bit size -sigalg <sigalg> signature algorithm name -destalias <destalias> destination alias -dname <dname> distinguished name -startdate <startdate> certificate validity start date/time -ext <value> X.509 extension -validity <valDays> validity number of days -keypass <arg> key password -keystore <keystore> keystore name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output -protected password through protected mechanism Example: keytool -genkeypair -keystore https.keystore -storepass someP@ssword -alias adi -keypass someP@ssword -keyalg RSA -dname "CN=adihost" Export the certificate signing request A certificate signing request is created with the -certreq command: keytool -certreq [OPTION]... Generates a certificate request Options: -alias <alias> alias name of the entry to process -sigalg <sigalg> signature algorithm name -file <filename> output file name -keypass <arg> key password -keystore <keystore> keystore name -dname <dname> distinguished name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output -protected password through protected mechanism Example: keytool -certreq -keystore https.keystore -storepass someP@ssword -alias adi -keypass someP@ssword -file https.csr Send the resulting file to a certification authority. Import the reply of the certification authority The reply of the certification authority needs to be imported with the -importcert command: keytool -importcert [OPTION]... Imports a certificate or a certificate chain Options: -noprompt do not prompt -trustcacerts trust certificates from cacerts -protected password through protected mechanism -alias <alias> alias name of the entry to process -file <filename> input file name -keypass <arg> key password -keystore <keystore> keystore name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output Example: keytool -import -trustcacerts -keystore https.keystore -storepass someP@ssword -alias adi -keypass someP@ssword -file <certification authority reply file> Related Links
For the list of all supported Decision Insight downloads and releases, see the Downloads page. How to create a key store for HTTPS communication? This page explains cases where your certificate needs to be signed by a certification authority. More information available here: http://docs.oracle.com/javase/tutorial/security/sigcert/index.html#GenCSR. The key store for the HTTPS communication must contain only one key. If several keys exist in the key store, the node will fail to start. Create a key store and a cryptographic key A new key store is created when a cryptographic key is created (i.e. empty key store cannot be created). A cryptographic key is created with the -genkeypair command. keytool -genkeypair [OPTION]... Generates a key pair Options: -alias <alias> alias name of the entry to process -keyalg <keyalg> key algorithm name -keysize <keysize> key bit size -sigalg <sigalg> signature algorithm name -destalias <destalias> destination alias -dname <dname> distinguished name -startdate <startdate> certificate validity start date/time -ext <value> X.509 extension -validity <valDays> validity number of days -keypass <arg> key password -keystore <keystore> keystore name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output -protected password through protected mechanism Example: keytool -genkeypair -keystore https.keystore -storepass someP@ssword -alias adi -keypass someP@ssword -keyalg RSA -dname "CN=adihost" Export the certificate signing request A certificate signing request is created with the -certreq command: keytool -certreq [OPTION]... Generates a certificate request Options: -alias <alias> alias name of the entry to process -sigalg <sigalg> signature algorithm name -file <filename> output file name -keypass <arg> key password -keystore <keystore> keystore name -dname <dname> distinguished name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output -protected password through protected mechanism Example: keytool -certreq -keystore https.keystore -storepass someP@ssword -alias adi -keypass someP@ssword -file https.csr Send the resulting file to a certification authority. Import the reply of the certification authority The reply of the certification authority needs to be imported with the -importcert command: keytool -importcert [OPTION]... Imports a certificate or a certificate chain Options: -noprompt do not prompt -trustcacerts trust certificates from cacerts -protected password through protected mechanism -alias <alias> alias name of the entry to process -file <filename> input file name -keypass <arg> key password -keystore <keystore> keystore name -storepass <arg> keystore password -storetype <storetype> keystore type -providername <providername> provider name -providerclass <providerclass> provider class name -providerarg <arg> provider argument -providerpath <pathlist> provider classpath -v verbose output Example: keytool -import -trustcacerts -keystore https.keystore -storepass someP@ssword -alias adi -keypass someP@ssword -file <certification authority reply file>