Generate a Key Pair and Create a Keystore

This procedure uses the Java keytool utility to generate a key and save it to a Java keystore.

Note: The CA you use may have specific options required for creating an HTTPS certificate. Review the instructions provided by the CA before creating your key pair.

To generate a new public/private key pair in a Java keystore

  1. Use the -genkeypair option to generate a key and save it to a Java keystore (newkeystore.jks in this example). For example:

    keytool -genkeypair -alias webedition -keyalg RSA -keysize 2048 -keystore newkeystore.jks -validity 365

  2. The keytool prompts you to enter a password, and values for the items that make up the distinguished name (DN) in the certificate (name = CN, organizational unit = OU, organization = O, city or locality = L, state or province = S, two-letter country code = C). The generated DN will use the value "Unknown" for any fields you don't specify.
    • When you are prompted with "What is your first and last name?"

      You must enter the DNS name that is used to access the Reflection for Secure IT Web Edition server (for example webeditionhost.mycompany.com). This value is used as the CN (Common Name) in the certificate. If the CN in a certificate doesn't match the actual DNS name used to access the server, you'll see a certificate warning when you connect to the server.

    • When you are prompted with "What is the two-letter country code for this unit?"

      You must enter a valid two-letter country code (for example US).

  3. When you are prompted for a password for the alias, press Enter to use the same password you used for the keystore.

Note:

If you use the keytool command as shown above, the utility prompts you to enter values for the items that make up the distinguished name (DN) in the certificate. An alternate option is to specify this value on the command line using the -dname option. For example:

keytool -genkeypair -dname "CN=webeditionhost.mycompany.com, O=My Company, C=US" -alias webedition -keyalg RSA -keysize 2048 -keystore newkeystore.jks -validity 365
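
Before sending a request to the CA, it is worth confirming that the DN stored in the keystore is the one you intended. The following script is an added example, not part of the product documentation: it checks the three conditions described above (CN equals the server's DNS name, no field left as "Unknown", two-letter country code). The function names dn_field, check_dn and check_keystore are hypothetical, and the script assumes DN values contain no escaped commas.

```shell
#!/bin/sh
# Added example (not from the product documentation): validate the DN of the
# key pair created by "keytool -genkeypair" before requesting a certificate.

# dn_field DN KEY: print the value of the first KEY= component of DN.
# Assumption: values contain no escaped commas (true for the DNs shown here).
dn_field() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^ *$2=//p" | head -n 1
}

# check_dn DN EXPECTED_HOST: return 0 if the DN is fit for an HTTPS
# certificate for EXPECTED_HOST, 1 otherwise. Problems go to stderr.
check_dn() {
    dn_rc=0
    dn_cn=$(dn_field "$1" CN | tr '[:upper:]' '[:lower:]')
    dn_host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    dn_c=$(dn_field "$1" C)

    # The CN must equal the DNS name clients use, or they get a warning.
    if [ "$dn_cn" != "$dn_host" ]; then
        echo "CN '$dn_cn' does not match host '$dn_host'" >&2; dn_rc=1
    fi
    # keytool writes "Unknown" for every prompt that was left empty.
    if printf '%s\n' "$1" | tr ',' '\n' | grep -Eq '^ *[A-Za-z]+=Unknown *$'; then
        echo "DN contains a field left as 'Unknown'" >&2; dn_rc=1
    fi
    # Shape check only: two letters. It does not validate against ISO 3166.
    case $dn_c in
        [A-Za-z][A-Za-z]) ;;
        *) echo "country code '$dn_c' is not two letters" >&2; dn_rc=1 ;;
    esac
    return $dn_rc
}

# check_keystore KEYSTORE ALIAS EXPECTED_HOST: read the "Owner:" line that
# "keytool -list -v" prints for the alias and check it. keytool prompts for
# the keystore password.
check_keystore() {
    ks_owner=$(keytool -list -v -keystore "$1" -alias "$2" |
        sed -n 's/^Owner: //p' | head -n 1)
    check_dn "$ks_owner" "$3"
}

# Usage: check_keystore newkeystore.jks webedition webeditionhost.mycompany.com
```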